The two most common questions I hear around this time of year are: what do you think the biggest trend of the year was and what do you think the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.
Obviously, the debut of a new operating system brings with it new features for both the research community and malicious code authors to scrutinize. It’s simple to expect that we’ll see new attack attempts on Microsoft Vista. What’s more interesting are trends we’re likely to see that don’t even touch the physical hard drive of a computer. Web 2.0 technologies have already begun to capture attacker interest and motivation. As adoption continues to grow and dependence on these Web applications increases, the impact and frequency of these issues will rise.
Consider the possibilities that user-created content brings to the table. It can host exploits, distribute spyware, spread malicious files, post unwanted advertisements, or link back to malicious Web sites, which also engage in all of the above.
In addition, Web-based applications built on AJAX create content-rich user experiences. However, the potential amount of data that AJAX-based applications can store client-side has major privacy implications. Additionally, AJAX applications allow for great code scrutiny by potential attackers who might seek vulnerabilities to leverage in a variety of attack types.
As we embark upon 2007, we must also keep a careful eye on the technologies embraced by today’s youth, such as instant messaging and text messaging, which will likely become a larger battleground for online threats. So-called “millennials” possess technology skills, but not necessarily life skills, which makes them susceptible to online fraud schemes. It is important to develop Internet street smarts whether you’re 16 or 60.