From The Sip Trunking Experts

TMCNet:  nCircle Predicts Exploits of Yesteryear Will Mutate in 2013

[December 18, 2012]

nCircle Predicts Exploits of Yesteryear Will Mutate in 2013

Dec 18, 2012 ( via COMTEX) -- Lamar Bailey, Director of Security Research and Development with nCircle, has released his top five security threats to watch out for in 2013.

The New Year - and beyond - he predicts, will be a time of highly adaptive security threats, with four main strands - cyber-criminals, cyber-terrorists, political hacktivists and rogue employees - conspiring to create severe headaches for IT security professionals in all classes of public and private sector industries.

"The key thing to remember about these threats is that - whilst some of them may ostensibly appear to be old - they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and invigorate them. This is an important issue, as some security vendors allow older exploits to `drop off' their first line defences in order to store as many attack methodologies in memory as possible," he said.

"This trend is something we know that today's cybercriminals are very well aware of, as they monitor the IT security newswires and reports as all professionals do on a regular basis - and then optimise their planned attack strategies to maximise the chances of compromising a targeted system," he added.

One of the key issues that nCircle's director of security says will be crucial in 2013, is the trend of exploiting extensible code platforms such as ActiveX, HTML5, JavaScript and the many variants of multimedia - most of which are an evolving environment, especially against the backdrop of the new Windows 8 operating system.

Put simply, he adds, this means that cybercriminals can - and will - discover new malware insertion methodologies that allow them to monetise their frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.

Bailey's five top IT threats to watch out for 2013 include: Adobe Acrobat and Reader security flaws - although Adobe's extensible code has been around since 1982, but we continue - to this day - to see a steady stream of attacking code.

SQL injection threats - SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cybercriminals.

Compromised and malicious Web sites - have been around since the mid-1990s. The evolution of HTML5 and other Web advances has shifted the threats/solutions balance up significantly in recent years.

Exploit Kits - the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one Web threat.

Zero-day Web browser threats - the evolution of the three main Web browser clients (Google Chrome, Mozilla Firefox and MS-Internet Explorer) has been rapid over the last 12 months, with silent updates and plug-ins/apps changing the dynamics of browser defence requirements. With large numbers of legacy browser client users, this poses a potentially significant security problem.

Bailey says that nCircle's observations amongst its major clients - which include which include Facebook,, the U.S. Department of Agriculture, and Vodafone- since 1998 when the company was funded, have given his research time a considerable insight into how the security threat landscape is evolving.

"This insight leads us to believe that many of the exploits of yesteryear will be revitalised in 2013 by the addition of extra coding and the raft of new hacker developers that are constantly joining the cybercriminal business," he said.

"Coupled with the flotilla of new threats emerging from the black hats of cyberspace, we strongly recommend that IT security professionals develop a strategy of patching, remediating and reviewing their existing - plus ongoing - defences and defence strategies," he added.

"IT security professionals must wake up and smell the coffee. They really do need to adapt to the new and constantly changing threat landscape, otherwise the cybercriminals will end up winning the battle for their digital assets," concluded Lamar Bailey, Director of Security R&D, nCircle.

About nCircle nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.

nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at

nCircle is a registered trademark of nCircle Network Security, Inc. All other registered Read the full story at

[ Back To SIP Trunking Home's Homepage ]

Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner

Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.