Crooks opt for spear phishing despite higher upfront cost

A report released Thursday by Cisco confirms what may have become fairly obvious to security professionals and industry followers over recent months: Cybercriminals are scrapping widespread malicious email campaigns for more targeted attacks.

"Cybercriminals are balancing competing priorities," the report said. "Infect more users or keep the attack small enough to fly under security vendors' radar."

One side appears to be winning out. The Cisco white paper, "Email Attacks: This Time it's Personal," reveals a dramatic drop in profits accrued by crooks who launch traditional attacks, such as delivering malware-laden or phishing emails.

Not surprisingly, Cisco researchers estimate that the returns for mass email-based attacks have fallen from $1.1 billion annually in June 2010 to $500 million annually this month. In that same period, daily spam volume has fallen sharply, from 300 billion messages per day to 40 billion.

But the criminals haven't folded up shop. Instead, they have begun to find a cost benefit in perpetrating stealthier, more carefully crafted email attacks known as spear phishing, which are aimed at specific individuals. Often, these offensives seek to steal intellectual property from high-profile organizations. The number of spear phishing attacks has increased threefold over the past year, the report said.

The tactic was evident in the recent compromise of information related to RSA's SecurID tokens.

"For an individual campaign, the economics of a spear phishing attack can be more compelling than for a mass attack," the report said. "The costs are significantly higher, but so too are the yield and benefit."

The report found that the costs of these types of assaults can run as high as five times those of launching a traditional mass attack, because of the required resources, including customized malware and background research on the targets. But the return on investment can reach 10 times that of a mass attack.

"Spear phishing attack campaigns are limited in volume but offer higher user open and click-through rates," the report said.
