Looking Into the Crystal Ball: The Threats for 2008

Based on a Georgia Tech Information Center report, here are the threats bound to increase and evolve over the next year - Web 2.0 and client-side attacks, targeted messaging attacks, botnets, threats targeting mobile convergence and threats to RFID systems.

"As the natural evolution of the Web progresses from 1.0 to 2.0 and beyond, more content and code from multiple and varied sources will be housed together on the client side, creating a highly complex environment for security governance and protection. In 2008, expect to see underground organizations shift tactics and focus more on Web 2.0, particularly mash-up technologies, leading to more abuses at the user end wherever possible." said Gunter Ollmann - Director of Security Strategy, IBM Internet Security Systems. So, the basic idea is that threats are evolving with the web - a thing that I guess you already knew.

As for the client-side attacks, well, as the report has it, we will see a lot of them residing in the social networking environments. We're going to see "mashup technology" exploits - the use of this technology makes security a lot harder. Also, they predict we're going to be hit by polymorphic exploitation (this means that the threat modifies itself), which means thwarting the power of signature-based protection.

Targeted messaging attacks are going to threat us through spam disguised as business content and instant messaging embedded attacks. Oh, and don't even think spam will go down! Spammers gain too much and they won't stop.

Botnets will continue to be a threat and I don't think I need to further explain this. You've already read too much news about Storm (that still hasn't been taken down) and the likes of it. What will be new is the fact that botnets might spread via P2P according to the same report.

DoS is going to affect voice infrastructure and mobile devices will surely be a target for hackers. Voice spam is to be expected - now that will certainly make any VoIP conversation feel like watching a show on TV - "Bla bla�spam�bla bla�spam".

And last, but not least, RFID is going to be targeted by automated exploit tools. They're said to allow the same course as WiFi hacking.

I've presented things briefly here, for you to get the basic idea. Nothing good is heading our way, so butch up on security! Should you want to get more details regarding this prediction, click this link.