1. Browser Exploits
3. Espionage via Targeted Phishing
4. Mobile Devices and VoIP
5. Insider Attacks
6. Identity Theft via Persistent Bots
7. Increasingly Malicious Spyware
8. Web 2.0/Web Application Exploits
9. Blended Approaches to Phishing
10. Infected Consumer Devices
Source: The SANS Institute, January 2008
The summary is that "Cosumerized Technology" has become the most dangerous. Surprised?
Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public.
Attacks on VoIP systems are on the horizon and may surge in 2008. VoIP phones and the IP PBXs have had numerous published vulnerabilities. Attack tools exploiting these vulnerabilities have been written and are available on the Internet. In short, the VoIP attack surface is enormous.
Tax filing scams and scams based on the U.S. Presidential elections will be widely used this year, and many of them will succeed.