Enterprises should expect a continued move toward stealthier, smaller, more focused attacks on their computer security, IBM said Monday, with the weakest link -- workers' gullibility -- increasingly the focus of hacker efforts.

In its annual "Security Threats and Attack Trends Report" for 2005, IBM laid out the major events of the past year and made security predictions for the next.

It won't be pretty.

"The main thing, I think, is that the computer user will continue to be the weak link in the security model," said David Mackey, the director of security intelligence at the Armonk, N.Y.-based computer giant.

"Users, who may or may not be educated [about security risks], can be easily tricked into executing malicious files," Mackey said, noting that the rapid rise in phishing attacks -- and success by the criminals behind phishing -- is the only proof that's needed.

"It's very difficult for an enterprise to understand who has access to networks. All an attacker has to do, it seems, is send employees an e-mail to get them into running a file. An e-mail arrives with an address from inside the company saying 'run this trusted application;' that's all it takes.

"Criminals will continue to leverage users, since in some respects it's so easy to trick them."

Attackers will increasingly apply "insider" tactics to compromise networks, said Mackey, because the hardware and software security infrastructure, while far from perfect, is significantly better than in past years.

Windows, of course, remains a problem, with vulnerabilities accounting for the majority of weaknesses exploited by attackers. By IBM's count, 1o of the 11 top threats in 2005 were due to Microsoft vulnerabilities.

Continued attention to security will drive attackers "undercover" in some ways, said Mackey. They'll turn to smaller-sized "botnets" and switch to instant messaging and peer-to-peer networking technologies, rather than the traditional IRC, to control those collections of compromised machines.

"They'll strive to evade detection by going small and by using IM or peer-to-peer for command and control," said Mackey. "When an attacker controls a one-thousand bot network through one IRC channel, it's easier to block than IM or P2P."

IBM's other predictions included a warning that emerging technology markets, such as China, India, and Eastern Europe, also offer opportunities for attackers; that blogging risks divulging confidential company information; and that security threats against mobile devices need to be monitored, even though no widespread attack has materialized. IBM's report noted, as has every security narrative of 2005, that attacks have not only become criminalized -- and profitable -- but that the scale of attacks decreased as gangs tried to keep users in the dark by foregoing large outbreaks that brought down media attention. At no time did IBM's monthly threat landscape read above "medium," a mark breached three times in 2004.

And attackers are using economical globalization to hide their practices and/or keep themselves out of jail.

"Cyber criminals take advantage of poor international cooperation and launch cross border attacks with little personal risk, so the threat to and from emerging and developing countries is increasing," Mackey's report read. "It then becomes far more difficult to trace the attacks back to their source, especially when trends show attacks are increasingly originating from regions, such as Eastern Europe and Asia, where sanctions are more lenient and enforcement is limited."

There were some bright spots in 2005, said Mackey, where dire predictions at the end of 2004 just didn't pan out during the year. Unfortunately, these misses were few and far between.

"We really thought that attacks against voice-over-Internet (VoIP) and phones and handhelds would be heavy in 2005, but that didn’t' turn out to be true," Mackey said. The just-released report noted that although VoIP sniffing and replay tools exist, the threat against VoIP ended the year much like those against wireless devices: malware was few and attacks limited.

"We need to continue to monitor cell phone security though," said Mackey. "Because there's been an increased number of variations of cell phone malware."