
Websense Security Labs 2009 Predictions

12.08.2008 - 3:59 PM

Websense Security Labs predicts that in 2009:

[1] The “Cloud” will increasingly be used for malicious purposes

Cloud-based services, such as Amazon Web Services (AWS), Microsoft Azure, and GoGrid, provide businesses and users with easy-to-use, rent-as-you-go storage and large-scale computing at a low cost. But these services are also attractive to cybercriminals and spammers, who can leverage them for misuse. Websense predicts that in 2009 we will see an increase in misuse of the “cloud.” The cloud may be used simply to send spam, or to launch more sophisticated attacks, including hosting malicious code for downloads, uploading stats, and testing malicious code.

[2] An increased use of Rich Internet Applications (RIAs) like Flash and Google Gears for malicious purposes

There is growing adoption of browser-based Web applications that are either replacing or being used alongside traditional desktop applications. Examples include Web-based CRM systems, Google Docs, and other Web-based office tools. The rich Internet experience of these browser-based applications is built with technology called Rich Internet Applications (RIA). With demand for these applications exploding, security is an afterthought for developers who use RIA technologies such as Google Gears, AIR, Flash and Silverlight to build large Web 2.0 Internet applications, opening the door to cybercriminal abuse. With RIA popularity exploding, we predict that in 2009 we will see some large-scale attacks using both exploits found within the core RIA components and the user-created services that allow attackers to remotely execute code on users' machines.

[3] Attackers take advantage of the programmable Web

The Web 2.0 world is one in which open Web APIs, mashups, gadgets, etc., allow Web sites to share and use functionality from other Web sites. Web APIs are being released at a record rate, leaving little time for testing and requiring a level of trust between users. Websense believes that in 2009 there will be a rise in the malicious use of some Web service APIs to exploit trust and steal user credentials and confidential information.

[4] A significant rise in Web spam and malicious posting of content into blogs, user-forums and social networks

The rise in the number and popularity of Web sites that allow user-generated content will lead to a significant rise in Web spam and malicious posting of content into blogs, user forums, and social network sites for search engine poisoning, spreading malicious lures, and duping users into fraud. This threat will be augmented by several new Web attack toolkits that have emerged, which allow attackers to discover sites that allow posts and/or have vulnerabilities. Additionally, more bots will add HTTP POST functionality to their capabilities.

[5] Attackers will move to a distributed model of controlling botnets and hosting malcode

This year we saw two California-based hosting companies, McColo and Intercage/Atrivo, shut down by upstream providers for hosting botnet command and control (C&C) servers as well as malicious code. Shutting down McColo produced a 50 percent drop in all spam on the day it was shuttered. Shutting down Intercage/Atrivo had a similar effect and also substantially mitigated the spread of the “Storm” botnet. Because these botnet groups have thus far depended on only a few providers to host their C&C servers, we predict that they will distribute their servers and move to foreign hosting providers, making it harder for upstream providers, the Internet community and law enforcement to find and shut them down.

[6] A continued siege against Web sites with “good” reputations

In 2009 we will see more than 80 percent of all malicious content hosted on sites with “good” reputations. We will see more big-name Web site compromises and more compromises of Web sites in the Alexa top 100,000 most visited. This includes regional attacks on popular Web sites in select properties, popular sporting sites, and news sites, and continued placement of IFRAMEs and other malicious redirection code within them.
