Zwölf Sicherheitsexperten haben für das SANS Institute ihre Einschätzung über die größten IT-Gefahren 2008 gegeben:
- Increasingly sophisticated website attacks that exploit browser vulnerabilities – especially on trusted websites.
- Increasing sophistication and effectiveness in botnets.
- Cyber espionage efforts by well resourced organisations looking to extract large amounts of data – particularly using targeted phishing.
- An increase in mobile phone threats, especially against iPhones and Android-based phones.
- Insider attacks.
- Advanced identity theft from persistent bots. Malicious agents that stay on compromised machines for months will be able to gather enough data to enable extortion attempts (against people who surf child porn sites, for example) and advanced identify theft attempts where criminals have enough data to pass basic security checks.
- Increasingly malicious spyware.
- Web application security exploits.
- Increasingly sophisticated social engineering including blending phishing with VoIP and event phishing. For example, a blended attack may include an inbound email, apparently being sent by a credit card company, asks recipients to „re-authorise“ their credit cards by calling a 1-800 number. The number leads them (via VoIP) to an automated system in a foreign country that, quite convincingly, asks that they key in their credit card number, CVV, and expiration date.
- Supply chain attacks infecting consumer devices (USB thumb drives, GPS systems, photo frames, etc.) Retail outlets are increasingly becoming unwitting distributors of malware-infected devices, the experts warns.