Websense has issued its annual security predictions for 2008—with content-based threats topping the list. Specifically, the Websense Security Labs expects: the Olympics will spur a flurry of hacker activity such as compromises of popular Olympic news or other sports sites; hackers will leverage the increased adoption of Macs and iPhones as new means for cross-platform Web attacks; special interest groups that fall within a certain age group, wealth bracket, or people with particular purchasing habits, will become targets of Web 2.0 attacks; and spam will increase in the blogosphere and “talk back” sections of news sites to drive traffic and increase search engine rankings of infected Web sites.

"Looking at the current attack trends, cyber criminal techniques are evolving quickly and efficiently to not only evade detection, but to steal data and manipulate trusted content such as Web sites and applications,” said Dan Hubbard, vice president of security research, Websense. “It’s critical that organisations and individuals recognise that attackers are changing techniques and launching targeted attacks.”

Websense 2008 Security Threat Predictions

1. Olympics – New cyber attacks, phishing and fraud event-based attacks and scams are popular, and with the whole world watching, the 2008 Olympics may fuel a surge in cyberattacks.

2. Websense predicts that hackers will increasingly use Web spam to post URLs to malicious sites within forums, blogs, in the commentary or “talk-back” sections of news sites and on compromised Web sites.

3. The advent of Web 2.0 additions such as Google Adsense, mash-ups, widgets, and social networks along with the massive amounts of Web advertisements linked to Web pages have increased the likelihood of ‘weak links’—or Web sites and content that are vulnerable to compromises. Websense predicts that attackers will increasingly exploit the weakest links within the Web infrastructure in order to target the greatest number of Internet users.

4. Number of compromised Web sites will surpass number of created malicious sites. The Web as an attack vector has been steadily increasing for the last five years and now attackers are using compromised sites as their launching platforms—even more than their own created sites.

5. Cross-platform Web attacks –With the brand popularity and growing use of iPhones and Macintosh computers, Websense researchers predict attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser.

7. Morphing JavaScript to evade anti-virus scanners: Hackers are upping the ante with evasion techniques that use poly-morphic JavaScript (Polyscript) – which means that a uniquely-coded Web page is served up for each visit by a user to a malicious Web site.

8. Websense predicts an increased use of crypto-virology and sophistication in data concealment including the use of stenography, embedding data within standard protocols, and potentially within media files.

9. Global law enforcement will crack down on key hacker groups. Websense anticipates that through the global cooperation of enforcement agencies, in 2008 the biggest crackdown and arrests of key members of a hacker group will occur.

10. Websense predicts that “vishing”, or the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information and voice spam will combine and increase.