Trend Micro’s Top 10 Threat Predictions for 2009
1. Web 2.Uh-Oh
The glories (and dangers) of Web 2.0 applications will continue to be an issue in 2009. Hackers will use techniques that resemble normal code, like IFRAMES, and will also continue to leverage Internet browsers and other Web-enabled applications (such as Flash and streaming media players, among others) as infection vectors of choice. The release of Google Chrome, the upcoming official release of Internet Explorer 8, and the rise of browser-as-a-platform applications (e.g., Microsoft Silverlight and Adobe Integrated Runtime) will serve as new avenues for exploitation.
2. Alternative Operating Systems
Every good thing must come to an end, including the supposed safety of “alternative” platforms. Threats exploiting bugs on alternative operating systems will grow, especially with the increasing popularity of Mac and Linux (the latter because of the booming Netbook market).
3. Microsoft—the Eternal Target
Malware authors just love to pick on Microsoft, and 2009 promises to be no different. Look for malware activity around the release of Windows 7, as cyber criminals will undoubtedly test any claims that the new Windows is “virus-free.” Proof-of-concept malware will also exploit Microsoft Surface, Silverlight, and Azure. Also, cyber criminals will continue to employ a more professional approach to leverage the exploit window of opportunity presented by Microsoft’s monthly “Patch Tuesday” schedule, in which zero-day exploits continue to trouble Microsoft users.
4. Social Engineering Hits the Big Time
Cybercriminals will continue to leverage events, celebrities, and political figures as social engineering bait. U.S. elections-related malware will continue until (and after) the president-elect steps into the Oval Office in January, while gamers anticipating upcoming releases of Starcraft 2 and WoW: Wrath of the Lich King should also be wary. And capitalizing on the global financial crisis, cyber criminals will play on the consumer landscape of thrift, creating economically-themed emails, fake e-coupons, bogus work-at-home schemes, and other efforts to cash in on consumers’ desire to save money.
5. Cyber Gang Wars
Security researchers are seeing virus wars, worm wars, and botnet wars—due to increasing competition for financial gains from phishing and fraud, as well as the downsizing of criminal cyber gangs and improvements in security solutions. Look for growing competition between Eastern Europe and China to determine which region’s crooks will be the first to include the latest exploits in their exploit kits.
6. The Growing Reality of Virtual Threats
Many threats encountered in the real world also crop up in the virtual world. Since cybercriminals need large audiences to perpetrate their crimes, they have begun preying on residents in virtual worlds and players in online games. The number and kinds of threats in virtual worlds run the gamut of human behaviour and can be as innocent as password sharing between partners, as sophisticated as real estate fraud, and as malicious as gangs hunting for newbies to kill. Look for virtual threats to become an even greater problem in 2009.
7. Broken Down DNS
Cyber criminals will leverage identified loopholes in the DNS (domain name system) registry to perpetrate their schemes. According to experts, bad guys are already using the poisoned DNS cache to create covert communications channels, bypass security measures, and serve up malicious content. Although the security community, including Trend Micro, is working closely with registries/registrars where possible, this is an issue that ICANN (Internet Corporation for Assigned Names and Numbers) must address.
8. Underground Economy Continues to Flourish
Cyber crime has become big business and, unfortunately, 2009 will witness its continued growth. Info-stealing malware, geared toward stealing login credentials and banking and credit card information, will continue to increase and thrive because that’s where the money is, and let’s face it—most cyber crime is financially motivated.
9. Clever Malware on the Rise
Advancements in malware technologies are a sure bet as malware authors continue to develop and release code that aims to avoid detection and consequent removal. Thus, you will see more malware families but fewer variants, making it more and more difficult for AV companies to create heuristic patterns to detect them. The bigger problem is the sheer size and frequency of updating these pattern files—actually a greater problem than the malware itself!
10. Good Guys on the Horizon
Not all news is grim. Effective community efforts are beginning to take down offending threat vectors. Collaborative efforts are becoming increasingly well planned, coordinated, and targeted—a breath of fresh air in a movement that says “enough with the hand wringing, and time for action.” As people become more fed up with the audacity of cyber criminals and pockets of identified criminal activity, community-sourced efforts will expose more Bad Actors, as in the takedown of Atrivo/Intercage and McColo in 2008. Good news!