Cisco: Cyber criminals dropping mass spam in favor of targeted attacks

As the first half of 2011 draws to a close - six months that have seen some of the most serious online security breaches for enterprise and government ever - Cisco has published a new security report addressing the shift in activity for cyber criminals.

There is a bright side and a very dark side to the results of this report, titled "Email Attacks: This Time It's Personal," which was based on responses from 361 IT professionals from 50 countries.

Speaking at a media event in San Bruno, Calif. on Thursday, Tom Gillis, vice president and general manager for the Security Technology Business Unit at Cisco, explained what Cisco has seen as the "evolution of the threat landscape," which can be broken down as the "Four Cs" of motivation:

  • Competition (Notoriety by hitting people with email attacks worldwide)
  • Commerce (Spam, selling things like herbal remedies, etc.)
  • Crime (Stealing credit card and social security numbers)
  • Country (More politically motivated, sophisticated attacks)

As far as mass spam goes, both the incentive for those attacks and their actual volume have dropped considerably. Let's take a look at some of the positive highlights from the study:

  • Daily mass spam volumes dropped from 300 billion messages in June 2010 to 40 billion
  • Financial returns from mass spam/e-mail attacks declined by over 50 percent from $1.1 billion in June 2010 to $500 million in June 2011

However, according to Patrick Peterson, a chief security researcher at Cisco, the nature and rewards for more serious heists, such as targeted attacks, are much more lucrative. This shift really took place somewhere around 2010, which is evident based on the previous numbers.

Here's a snapshot of where more serious attacks are heading as the major security attacks shift from mass spam to personalized attacks:

  • In the last 12 months, spear phishing attacks have increased threefold; personalized scams, malicious and targeted attacks have all risen fourfold
  • Phishing campaigns can net at least 10 times the profit of a mass spam attack

Now let's examine the bottom line: what is this costing enterprises and even governments worldwide? Overall, the estimated cost of targeted attacks to organizations is $1.29 billion annually. Cisco estimates that for every $1 lost due to infected users, enterprises spend an additional $2.10 for remediation and then $6.40 for reputation repair.

So what are we all to do? Obviously, enterprises and governments are leaving too many loopholes open to personal data of customers and citizens.

Granted, there has been much more media hype about hacking and security breaches this year, especially after the attack on Sony's PlayStation Network in April. That just led to a flood of attention on the part of the media, consumers/citizens and hackers who saw an opportunity.

Nevertheless, everyone has to take more action against cyber attacks. That's not just corporations (which definitely have a responsibility to their end users), but also end users, who need to be more vigilant and conscientious when using email, sharing account information, installing firewalls, etc.

This is also an opportunity for a number of IT-focused enterprises worldwide, including Cisco, as obviously the need for new and better digital security platforms is prevalent. There's the saying that "any publicity is good publicity," but that isn't necessarily true for businesses who have been victims of major hacking jobs, such as Citigroup, Sega and Nintendo. These corporations are going to need to step up their security standards, and that's where this could be suddenly profitable for tech companies focused on developing security solutions.

About

Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ...
