The two most common questions I hear around this time of year are:what do you think the biggest trend of the year was and what do youthink the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.
Obviously, the debut of a new operating system brings with it newfeatures for both the research community and malicious code authors toscrutinize. It’s simple to expect that we’ll see new attack attempts onMicrosoft Vista. What’s more interesting are trends we’re likely to seethat don’t even touch the physical hard drive of a computer. Web 2.0technologies have already begun to capture attacker interest andmotivation. As adoption continues to grow and dependence on these Webapplications increases, the impact and frequency of these issues willrise.
Consider the possibilities that user-created content brings to thetable. It can host exploits, distribute spyware, spread maliciousfiles, post unwanted advertisements, or link back to malicious Websites, which also engage in all of the above.
In addition, Web-based applications built on AJAX createcontent-rich user experiences. However, the potential amount of datathat AJAX-based applications can store client-side has major privacyimplications. Additionally, AJAX applications allow for great codescrutiny by potential attackers who might seek vulnerabilities toleverage in a variety of attack types.
As we embark upon 2007, we must also keep a careful eye on thetechnologies embraced by today’s youth, such as instant messaging andtext messaging, which will likely become a larger battleground foronline threats. So-called “millennials” possess technology skills, butnot necessarily life skills, which makes them susceptible to onlinefraud schemes. It is important to develop Internet street smartswhether you’re 16 or 60.