As 2012 comes to a close, some people are already looking ahead to what the next 12 months will bring. One of them is Tim Rains, who is the director of Microsoft's Trustworthy Computing division. Today, Rains gave five predictions on software security threats that he thinks will be a part of 2013.
One of his predictions, as posted on the Microsoft Security blog, concerns malware creators using software that was originally made or sanctioned by governments to go after enemy nations, such as the Stuxnet virus that tried to cripple Iran's nuclear program in 2010. He says that a portion of the Stuxnet virus was picked up by other malware makers to exploit some software vulnerabilities. He states:
The barriers to entry for criminals to leverage highly sophisticated techniques in their attacks are lowered each time the malware and vulnerabilities that highly skilled professionals develop and use, are discovered. This is likely to amplify the unintended consequences of espionage in the coming years.
Rains also believes that more malware creators will attempt to deliver their software inside apps, movies and music in 2013 and that drive-by attacks and cross-site scripting attacks will become more prevalent in the next year. Developers of rootkits will also evolve their programs, now that Microsoft is using the Unified Extensible Firmware Interface (UEFI) and secure boot for Windows 8.
Finally, Rains believes that it will be harder to go after some software due to constant automatic updates. He says, "For example, following a surge in detections that peaked in the third quarter of 2011, detections of exploits that target vulnerabilities in Adobe Flash Player have decreased significantly in every subsequent quarter, likely due to the ease of keeping it updated."