Internet Criminals to step up "cyberwar" in 2007


The Reuters article says that experts say that criminals are going to start using social networking sites to get personal information directly and to install spyware on target machines.

What's interesting is that I earlier heard SANS predicting just the opposite, and the rationale was very interesting. The argument was that so many PC's had been infected and made part of the major botnets that over the past couple of years, renting cycles on a botnet was very cheap. This ended up skewing the botnet economy the other way - there ended up being too many buyers and not enough bots (and the number wasn't expected to grow much because the infection rate was already so high). So the prices went up, and the more sophisticated attackers were going to move back to more "conventional" methods, such as SQL injection attacks.

So the conflicting reports tells me that both are probably right - protect your apps, protect your data, and protect your users.