Attacks against web and SaaS applications comprised just 4% of all cybercrime attacks in 2009, but by July 2010 accounted for 45% of all attacks, outstripping SQL injection, viruses and attacks via FTP.

That finding comes from a new study by firewall vendor SonicWall, examining the biggest threats seen in the first half of 2010.

SonicWall said it's seeing a shift from "simple scams, such as phishing exploits, spoofing of organizations, worms and viruses, to more sophisticated attacks shutting down network servers and cloud-based systems." These more sophisticated and sometimes blended attacks are more difficult to stop than traditional attacks, since they're more likely to exploit never-before-seen, zero-day vulnerabilities and thus foil signature-based defenses.

"With the sophistication of today's attacks, companies need to anticipate that heuristics, algorithms and behavioral analysis will be needed to supplement the security signatures that corporations receive," said Boris Yanovsky, vice president of software engineering at SonicWall.

One measure of the increasing prevalence of more sophisticated attacks is the volume of malware circulating online, which has increased markedly. Indeed, SonicWall said that the number of instances of malware it detected grew from January to July 2010 by a factor of three -- from 60 million to 180 million. On a daily basis, the firm is now seeing about 3 million malware attempts, 400 million attempted online intrusions and 400 million spam emails.

In the first half of 2010, SonicWall also saw a marked increase in the amount of phishing attacks which utilize tax scams, affecting not just the United States and United Kingdom -- historically popular targets -- but increasingly also Australia, Canada, China and India.

While the SonicWall study rounds up the last six months in cybercrime, what might organizations anticipate, going forward? Expect more malware aimed at smartphones, Apple OS X and iOS, Adobe Acrobat, and smartphones, said Yanovsky. "We also anticipate hacks will exploit bots developed by SpyEye," he said. "This new, web-based crimeware toolkit simplifies stealing financial and sensitive personal information."