“10 Major Security Threats 2013”

Aug 27, 2013

This report explains the threats facing information systems in recent years, based on the insights and opinions of the 10 Major Security Threats Committee, which consists of 117 people in the field of information security, such as researchers and corporate IT staff. It has 3 chapters.

  • Chapter 1: History of Information Security
    Chapter 1 looks back on the history of information security from 2001, when security was beginning to take root in society, to 2012.
  • Chapter 2: List of 10 Major Security Threats 2013
    Chapter 2 gives the rank and description of the 10 major security threats in 2012, selected by vote of the 10 Major Security Threats Committee.
  • Chapter 3: Rising Threats
    Chapter 3 discusses 3 threats that are expected to become more and more apparent in the coming years, based on the voting of the 10 Major Security Threats Committee members.

IPA hopes this report will help the public understand and respond to the current information security situation, and that it will be used in security training and education programs at companies.
Download the Report:

10 Major Security Threats 2013
~ They Are About To Get You and You Just Don’t Know Yet ~

Summary of the 10 Major Security Threats (Chapter 2)

The rank order and summaries of the 10 major security threats, selected by vote of the 10 Major Security Threats Committee, are as follows:

1st: Attacks Exploiting Vulnerability in Client Software

By exploiting a vulnerability in client software, an attacker could inflict damage such as infecting PCs with a virus and stealing information stored in the affected PCs and systems. Users are required to keep their client software up to date.

2nd: Targeted Espionage Attacks

As in 2011, attacks against government agencies and the aerospace industry were reported by the media, and it is suspected that classified government information and special technologies may have been stolen. The matter was addressed in policy council meetings and has even become an issue that affects the national interest.

3rd: Malicious Applications Targeting Smart Devices

Techniques for collecting personal information are growing in sophistication. There is an increasing number of cases in which malicious applications, which lead users to believe they offer a very attractive feature, steal personal information such as address book data, targeting the rapidly increasing number of users of smart devices such as smartphones and tablets.

4th: PC Hijack with Remotely Controlled Virus

Malware-infected PCs have been exploited for spamming and DDoS attacks. In 2012, a remote attacker posted murder notices and threatening messages on message boards by remotely controlling PCs the attacker had infected with the so-called Remote Control Virus, and the owners of the infected PCs were mistakenly arrested.

5th: Malware Aiming to Steal Money

Since about 2011, cases have been reported abroad in which credentials for internet banking services were stolen by a virus, causing financial loss. Since 2012, incidents using the same techniques have been confirmed in Japan as well.

6th: Unforeseen System Outage

While the use of cloud computing is spreading, in 2012 a large-scale failure caused by human error occurred at a rental server service. As the risk of system outage due to natural disaster was highlighted by the 2011 Tohoku Earthquake, organizations are required to prepare for unforeseen circumstances.

7th: Attacks Targeting Websites

Even though attacks targeting websites have been known for quite some time, there regrettably seems to be no end to the line of victims. Attackers steal personal information handled by websites and/or infect visitors’ PCs with a virus through a website breach, impacting both organizations and individual users.

8th: Password Cracking

As online services increase, users need to manage multiple passwords. As a result, many users increasingly reuse the same ID and password, and in turn a password breach at one website could make them a victim of spoofing at multiple websites.

9th: Internal Attacks

Incidents such as information leaks or malicious use of systems carried out intentionally by internal users have been reported. Since they are legitimate, authorized users, such incidents are difficult to prevent and the damage tends to be larger.


In 2012, phishing attacks impersonating major banks were widely observed, and banks and security vendors called for caution. If the password for internet banking is stolen through phishing, money may be taken from the user’s account without the user knowing.


IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)