Cybercriminals are giving up on spam

In a new security report, Cisco says that a fundamental shift in strategy has taken place in the complex and ever-changing world of online crime. Instead of sending out massive amounts of spam as they traditionally have, cybercriminals now prefer more financially disruptive attacks that target specific companies or institutions.

Research conducted with Cisco Security Intelligence Operations indicates an increase in attacks aimed at specific targets. Malware is being used against well-defined users or groups of users to steal intellectual property. The key findings of the report, “Email Attacks – This Time It’s Personal,” are as follows:

– Profits from mass-market spam decreased by more than 50 percent, from $1.1 billion in June 2010 to $500 million in June 2011.

– The amount of spam sent dropped from 300 billion messages per day to just 40 billion messages per day from June 2010 to June 2011.

– Phishing, fraud, and disruptive attacks against specific companies or individuals increased.

– Phishing attacks have tripled, while fraud and malicious attacks have quadrupled.

– The total cost to companies and institutions around the world of targeted attacks is $1.29 billion annually.

Like nearly all types of cybercrime, targeted attacks exploit technical vulnerabilities and a tendency toward overconfidence. Attacks against well-defined companies and individuals are the hardest to catch and can cause the most damage. This type of crime operates with a very small volume of data and focuses on specific individuals or groups of individuals while taking advantage of the cloak of anonymity provided by specialised botnets.

These attacks usually rely on malware or a complex, multi-stage APT (Advanced Persistent Threat) attack to collect the desired data over a long period of time. An example of a targeted attack is the Stuxnet Internet worm, which was able to severely disrupt industrial systems and also spread to non-networked computers, putting machines without access to local networks or the Internet at risk.

Spearphishing attacks, while more resource-intensive and smaller in scale than mass spamming, are now a major risk to businesses. Many spearphishing attacks end up stealing money, making them both dangerous for victims and profitable for cybercriminals.

Precisely targeted phishing attempts are a highly personalized version of mass phishing campaigns and can be ten times more profitable than the traditional form of this malicious activity.

