“Cybersecurity is the issue that touches all of us both in our business capacities and as individuals in terms of the way our families deal with our own home computers. It is an issue that will continue to be on the front burner through the next administration,” Homeland Security Secretary Michael Chertoff said Wednesday in a speech at the Washington DC Chamber of Commerce.

Looking ahead to the cybersecurity challenges that will be burn on that front burner next year, The Georgia Tech Information Security Center (GTISC), Atlanta, Ga. Wednesday released its annual GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year. The report was released at the annual GTISC Security Summit on Emerging Cyber Security Threats – a gathering of leading industry and academic leaders from organizations with a stake in protecting the online user community attended by more than 300 corporate executives, industry leaders and technologists from across the country.

For 2009 the report forecasts five key cyber security areas where threats are expected to increase and evolve.

The first area is Malware, specifically under the guise of benign social networking links. The report cites Ryan Naraine, security evangelist for Kaspersky, who believes that malware delivery, the first step in creating a bot—will become more insidious by taking advantage of poorly configured Web sites, social networking sites and false domains.

“We are projecting a 10-fold increase in malware objects detected in 2008,” Naraine predicts in the report, describing it as “hockey-stick’ growth driven by identity theft and data-focused cyber crime.”

Naraine, according to the report, expects criminal senders to use better social engineering techniques to cloak malcode in what appears to be legitimate email with acceptable Web links.

“As cyber criminals move beyond mass-distribution style phishing scams,” he says in the report, “ they are learning how to localize and personalize their attacks for better penetration. Social networking sites like MySpace, Facebook and others will likely be used as delivery mechanisms to get unsuspecting users to a malicious Web site link in order to deliver malware. In the coming year, GTISC and other security experts also expect more targeted spear-phishing vehicles to install malware and/or steal data.”

The report further predicts Botnets will become a more dangerous cybermenance, specifically via the spread of botnet attacks to wireless and peer-to-peer networks.

In its 2008 report GTISC had estimated in last year’s report that 10 percent of online computers were part of botnets, defined as groups of computers infected with malicious code and unknowingly controlled by a malicious master. This year, the report says, GTISC researchers estimate that botnet-affected machines may comprise 15 percent of online computers. “Prompted to act in unison,” the report says, “ bots become bot armies that harness considerable computing power to engage in a variety of malicious activities, including data theft (social security numbers, credit card information, trade secrets, denial of service attacks and spam delivery.

The report also predicts cyberwarfare, including targets on the US economy and infrastructure, will become more prevalent.

As the report puts it, “Security experts consulted by GTISC believe cyberwarfare will accompany traditional military interaction more often in the years ahead. They expect it will also play a more shadowy role in attempts by antagonist nations to subvert the U.S. economy and infrastructure.” “Consider the cyber attacks that occurred between Russia and Georgia earlier this year as a model for military cyber engagements in 2009 and beyond,” it adds.

Yet another looming threat involves mobile communications.

“The cell phone is becoming an entirely new tool especially outside the US,” the report says, “ where accessing the Internet from a mobile device can provide a better experience than traditional fixed computing. VoIP technology also continues to improve and will rival landline and mobile communications in terms of reliability and call quality.”

As Internet telephony and mobile computing handle more and more data, the report predicts they will become more frequent targets of cyber crime.

“Sources of cyber crime will become increasingly organized and profit-driven in the years ahead,” the report warns. The report outlines three tiers of cybercrime organization observing that the evolution of cybercrime threat networks is moving quickly toward the top of the funnel from low-level criminals who use kits to create the specific malware required for their targeted crimes, to skilled developers and collectives of technical experts creating new components to embed within their commercial malware creation kits to a top tier managed service providers that wrap new services around malware kits to increase propagation and enable organized fraud on a global scale, feeding gains back into existing money laundering chains.