Ongoing improvements in network security will encourage organized cybercrime groups to think about the long con. Sometime next year, expect someone with access to data at a large organization to be caught working for or with a cybercrime group. The Identity Theft Resource Center anticipates a rising number of insider cases because of failure to follow basic workplace security protocols.
Contrarian view: As above, but the organization will be able to hide the incident, at least until 2011. This prediction has the added benefit of being difficult to prove wrong next year.
10. Clickjacking Strikes Back
Zscaler believes that the clickjacking vulnerability -- a way to alter a Web app's user interface to dupe users into clicking on concealed buttons -- will be employed in attacks more frequently. Jeremiah Grossman, founder and CTO of WhiteHat Security, and Robert "RSnake" Hansen, founder and CEO of SecTheory, disclosed information about the technique in October 2008. While some effort has been made to mitigate the risk of clickjacking, Zscaler says the technique can still be effective, particularly in attacks with a social engineering component.
Contrarian view: Why bother, when you can just launch a window that displays a fake security scan and get clueless users to pay for fake security software? Ignorance is a vulnerability that isn't easy to patch.