1. The "Cloud" will increasingly be used for malicious purposes
Cloud-based services, such as Amazon web Services (AWS), Microsoft Azure, and GoGrid, provide businesses and users with easy-to-use, rent-as-you go opportunities for storage and large-scale computing at a low cost. But these services also are an attractive target for cybercriminals and spammers to leverage for misuse. Websense predicts that in 2009 - we will see an increase in misuse of the "cloud." The cloud may be used simply to send spam or to launch more sophisticated attacks including hosting malicious code for downloads, uploading stats, and testing malicious code.
2. Increased malicious use of RIAs like Flash and Google Gears
There is growing adoption of browser-based web applications that are either replacing or being used alongside traditional desktop applications. Examples include web-based CRM systems, Google Docs and other web-based office tools. Creating a rich Internet experience through a browser-based application is created with technology called Rich Internet Applications (RIA). With the explosion of demand for these applications, for developers who use RIA technologies such as Google Gears, Air, Flash and Silverlight to build large web 2.0 internet applications, security is an afterthought, opening up the door for cyber criminal abuse. With RIA popularity exploding, we predict we will see some large scale attacks using both exploits found within the core RIA components as well as the user-created services that allow attackers to remotely execute code on user's machines.
3. Attackers take advantage of the programmable web
The web 2.0 world is one in which open web APIs, mashups, gadgets etc, allow web sites to share and use functionality from other web sites. web API's are being released at a record rate leaving little time for testing, and requiring a level of trust between users. websense believes that in 2009 - there will be a rise in the malicious use of some web service API's to exploit trust and steal user credentials and confidential information.