According to the Trend Micro 2010 Future Threat Report, cloud computing and virtualization -- while offering significant benefits and cost-savings -- move servers outside the traditional security perimeter and expand the playing field for cybercriminals. The industry already witnessed Danger/Sidekick's cloud-based server failure that caused major data outages in November 2009, highlighting cloud-computing risks that cybercriminals will likely abuse. Trend Micro believes cybercriminals will either be manipulating the connection to the cloud, or attacking the data center and cloud itself.
The Internet infrastructure is changing, opening more opportunities for cybercrime
The "next-generation" protocol designed by the Internet Engineering Task Force, Internet Protocol v. 6, is still in the experimentation stages of replacing the current IPv4, now 20 years old. As users start to explore IPv6, so will cybercriminals, and we can expect to see proof-of-concept elements in IPv6 start to materialize in the upcoming new year. Possible avenues for abuse include new covert channels or C&C. But don't expect active targeting of IPv6 address space--at least not in the very immediate future.
Domain names are becoming more internationalized and the introduction of regional top-level domains (Russian, Chinese, and Arabic characters) will create new opportunities to launch age-old attacks through look-alike domains for phishing - using Cyrillic characters in place of similar looking Latin characters. Trend Micro predicts this will lead to reputation problems and abuse that will challenge security companies.
Social media and social networks will be used by cybercriminals to enter the users' "circle of trust"
Social engineering will continue to play a big role in the propagation of threats. But given the increasing saturation of social media with content intended to be shared via online social interactions, cybercriminals will definitely try to penetrate and compromise popular communities more than ever in