Top 10 security threats in 2008

Many of this year's security trends will continue into the next, says security vendor McAfee which predicts a heightened focus on Web-related threats.

McAfee has released its top 10 security predictions for 2008, which include recurring online threats and a rise in communications-related threats targeting VoIP (voice over Internet protocol) and instant messaging platforms.

In a statement Friday, the security vendor also identified Windows Vista as an emerging threat. While take-up for Microsoft's latest operating system was not high this year, McAfee predicts that a rise in adoption next year will increase the risk of Vista-related threats.

Top 10 security threats for 2008:

1. Social networking and Web 2.0 The recent publicity of compromises and presence of malware on social networking sites, such as Salesforce.com, Monster.com and MySpace, shows a trend toward malicious attackers targeting these popular sites.

With the sites making it easier to access personal information, users are increasingly open to attacks, with the information shared lending the attacks "more authenticity", said McAfee.

The security vendor expects a "large increase" in Web 2.0 targets next year.

2. Botnets on the rise
With the fuss over the havoc that was created by the Storm worm this year, McAfee sees the proliferation of botnets continuing on into next year.

"Storm created the largest peer-to-peer botnet ever. [We] expect others to ride the coattails of that success, pushing up the number of PCs turned into bots," stated McAfee.

It has also been the "most versatile malware on record", with "thousands of variants... more infection methods and social engineering schemes than any other threat in history", said the company's release.

Aiding the proliferation of the botnets is the high-profile prosecution of bot herders this year--McAfee expects criminals to "seek better ways to cover their tracks", as a result.

3. Instant messaging
Although the occurrence of a "flash" worm spreading via instant messaging, and instantly infecting millions around the globe has not happened yet, McAfee believes the possibility is "closer than ever".

The number of vulnerabilities in popular instant messaging applications more than doubled this year compared to 2006, with 10 of those threats this year considered high-severity, while none last year were, according to the security company.

4. Online gaming
Virtual economies are seeing an increasing threat that is "outpacing the growth of the threat to the real economy", said McAfee, citing the rise in password-stealing Trojans targeting online communities compared to banks.

"As virtual objects continue to gain real value, more attackers will look to capitalize on this," said McAfee.

5. VoIP attacks on the rise
With more than double the number of security vulnerabilities reported for VoIP (Voice over Internet Protocol) this year compared to 2006, "it is clear that VoIP threats have arrived and there's no sign of a slowdown", said McAfee.

One reason for this is that defense strategies are currently lagging behind the relatively new technology, explained McAfee, which expects a 50 percent increase in VoIP-related threats in 2008.

6. Virtualization transforming information security
Although security vendors are embracing virtualization to aid in security defense, McAfee expects malware authors to play the "classic game of cat and mouse", eventually finding ways to defeat the current virtualization developments by the security companies.

7. Windows Vista
Windows Vista is set to gain additional market share next year, crossing the 10 percent mark, including the release of Service Pack 1 set for 2008, which is likely to bump up adoption figures.

"As Vista becomes more prevalent, attackers and malware authors will start in earnest to explore ways to circumvent the operating system's defenses...we can expect a lot more Vista vulnerabilities to be reported in 2008," predicted McAfee.

8. Phishing to grow
McAfee expects "smaller, less-popular sites" to be targeted, as a result of top-tier sites strengthening their walls.

Furthermore, password-stealers may exploit user carelessness and apathy toward good security practices. "Knowing that a large percentage of people reuse their usernames and passwords, less popular sites are likely to be targeted more frequently than before, giving criminals the same access," stated the release.

9. Parasitic crimeware to regain popularity
Although the viruses that sit on the user's disk, modifying existing files "faded into the background" in recent years, 2007 saw the rise of "old school crimeware" such as Grum, Virut and Almanahe.

This year also saw the resurrection of an older threat, Philis, with its variants growing by over four times; 400 variants of a newcomer, Fujacks, were also noted by the security firm.

All these indicate a renewed interest in parasitic malware, and McAfee projects its growth to be 20 percent in 2008.

10. Adware continues its decline
Perhaps the only positive news in the list, adware is set to carry its decline from this year into 2008. McAfee attributes this to government crackdowns, better defensive systems and the increasingly-negative connotation associated with this form of advertising.