Spam drop, but targeted attack rise, is key 2011 takeaway

As cybercriminals more heavily rely on targeted attacks, the amount of spam this year fell to the lowest levels since 2007, according to Cisco.

The volume of unsolicited email dropped dramatically, from 379 billion messages daily in August 2010 to 124 billion last month, according to Cisco's "2011 Annual Security Report," released Wednesday. One reason for the change – mass mailing campaigns are simply not as lucrative as targeted malware efforts.

While the latter requires just one or a few people to be duped to churn out a large payday for the perpetrator, mass spam campaigns typically require a much higher response rate to be profitable.

The amount of spam emanating from the United States fell sharply in 2011. Compared to last year, when the U.S. was the world's largest spam-sender, the country ranked ninth in total spam volume worldwide during 2011.

The top spam-sending nations of 2011 were:

1. India

2. Russia

3. Vietnam

4./5. South Korea and Indonesia

Source: Cisco 2011 Annual Security Report

The overall drop also is attributable to law enforcement and security firms increasingly teaming up to take down some of the most prolific spam-sending botnets, including Rustock, once dubbed the largest source of global spam, Bredolab and Mega-D. These dismantlings have put a dent in cybercriminal returns, according to the report. Cisco estimated that gains from traditional mass email-based attacks declined more than 50 percent – from $1.1 billion to $500 million – from June 2010 to June 2011.

But while these botnet disruptions have decreased the amount of pharmaceutical spam in circulation, such actions have not eliminated the risk of malware delivered via email, Mary Landesman, senior security researcher at Cisco, told SCMagazineUS.com on Tuesday. And from an end-user perspective, the takedowns likely did not have a noticeable impact. Despite the drop-off in spam volume, users should still be wary of clicking on links or opening attachments in unwanted emails, she said.

As a general trend, spam campaigns – and also web-delivered malware attacks – have become smaller in scale, Landesman said.

“The days of having a million websites [infected] in a single compromise are behind us,” Landesman said. “There are much smaller compromises, but much more of them, enabling them to fly under the radar.”

Meanwhile, this year also saw increasingly connected workforces, in part due to the bring-your-own-device phenomenon, as well as the rise of social media as a productivity tool, according to the Cisco report. Looking ahead to next year, enterprises must continue to protect against advanced persistent threats, data theft trojans and web exploits, and consider the potential risk of hacktivist attacks, which can be disruptive to operations.

One of the top IT security priorities of 2012 should be creating a system for analyzing and doing meaningful forensics of data captured through event logging technologies, intrusion prevention systems and other sources, Landesman said.

“Being able to intelligently filter through that information and home in on the types of events that would be indicative of targeted attacks is key,” she said.

Additionally, businesses should develop solid social media policies that “make sense, don't alienate employees and foster cooperation,” she said. Enterprises should also have a preparedness plan for how to deal with social media threats. As part of this effort, businesses may want to actively monitor these sites and specify a point-person for dealing with particular issues.

“Instead of being caught and having knee-jerk reaction, you develop an action plan up front so you can quickly react,” Landesman said.
