The top security threats of 2007 will include the increased production of malware by organized crime for monetary gain.
McAfee's predictions for this coming year include the increased prevalence of password-stealing websites, an uptick in image spam, data loss, theft at the corporate level, and continued concern about vulnerabilities in widely used software.
Also disturbing to McAfee researchers is the rising trend of zero-day vulnerabilities appearing a day or two after Patch Tuesday, giving malicious users a window to attack Microsoft operating systems.
Consumer fears about web security caused a $2 billion loss in ecommerce and banking transactions in 2006, according to analyst firm Gartner.
Nearly half of 5,000 adults surveyed by the firm said their concerns about information theft, data breaches and web-based attacks affected their purchasing payments, online transactions and email behavior.
More than 10 percent of respondents said they spent less than half as much this year as in the past because of web safety concerns.
A re-energized Democratic Party, in control of both houses of Congress for the first time in 12 years, may pay more attention to information security and privacy matters, according to experts.
Paul Kurtz, partner and chief operating officer, Good Harbor Consulting, cited Sens. Patrick Leahy, Chuck Schumer, Ben Nelson and Dianne Feinstein, all Democrats, as four lawmakers chomping at the bit to take the lead on a federal data security and breach notification law.
However, Marne Gordan, director of regulatory affairs at Cybertrust, said the election has a downside. Influential, tech-savvy Reps. Tom Davis and Adam Putnam will both be a part of the Republican minority.
For the first time, the SANS Top 20 included human error in its twice-yearly list of major threats, which was, until recently, reserved solely for technology.
Vulnerabilities in software and malware still made up the majority of the Top 20, including a surge in exploits targeting web applications and non-Internet Explorer applications, such as Microsoft Office.
The report also cited social engineering attacks as a grave and growing threat, and craftier hackers responding more quickly to regular patch schedules.
Voters and non-voters alike were the targets of political spam messages, which flooded citizens' inboxes in the days leading up to November's mid-term elections.
Hundreds of thousands of email users received unsolicited messages from Democratic and Republican candidates — and their supporters — in the days leading up to the Nov. 7 poll.
Political spam is not regulated by the CAN-SPAM Act or other federal regulations, according to experts.