Spam drop, but targeted attack rise, is key 2011 takeawaycybercriminals more heavily rely on targeted attacks, the amount of spam this year fell to the lowest levels since 2007, according to Cisco.
The volume of unsolicited email dropped dramatically, from 379 billion messages daily in August 2010 to 124 billion last month, according to Cisco's "2011 Annual Security Report," released Wednesday. One reason for the change – mass mailing campaigns are simply not as lucrative as targeted malware efforts.
While the latter requires just one or a few people to be duped to churn out a large payday for the perpetrator, mass spam campaigns typically require a much higher response rate to be profitable.
The amount of spam emanating from the United States fell sharply in 2011. Compared to last year, when the U.S. was the world's largest spam-sender, the country ranked ninth in total spam volume worldwide during 2011.
The top spam-sending nations of 2011 were:
4./5. South Korea and Indonesia
Source: Cisco2011 Annual Security Report
The overall drop also is attributable to law enforcement and security firms increasingly teaming up take down some of the most prolific spam-sending botnets, including Rustock, once dubbed the largest source of global spam, Bredolab and Mega-D. These dismantlings have put a dent in cybercriminal returns, according to the report. Cisco estimated that gains from traditional mass email-based attacks declined more than 50 percent – from $1.1 billion to $500 million – from June 2010 to June 2011.
But while these botnet disruptions have decreased the amount of pharmaceutical spam in circulation, such actions have not eliminated the risk of malware delivered via email, Mary Landesman, senior security researcher at Cisco, told SCMagazineUS.com on Tuesday. And from an end-user perspective, the impact of the takedowns likely did not have a noticeable impact. Despite the drop off in spam volume, users should still be wary of clicking on links or opening attachments in unwanted emails, she said.
As a general trend, spam campaigns – and also web-delivered malware attacks – have become smaller in scale, Landesman said.
“The days of having a million websites [infected] in a single compromise are behind us,” Landesman said. “There are much smaller compromises, but much more of them, enabling them to fly under the radar.”
Meanwhile, this year also saw increasingly connected workforces, in part due to the bring-your-own-device phenomenon, as well as the rise of social media as a productivity tool, according to the Cisco report. Looking ahead to next year, enterprises must continue to protect against advanced persistent threats, data theft trojans, web exploits and consider the potential risk of hacktivist attacks, which can be disruptive to operations.
One of the top IT security priorities of 2012 should be creating a system for analyzing and doing meaningful forensics of data captured though event logging technologies, intrusion prevention systems and other sources, Landesman said.
“Being able to intelligently filter through that information and home in on the types of events that would be indicative of targeted attacks is key,” she said.
Additionally, businesses should develop solid social media policies that “make sense, don't alienate employees and foster cooperation," she said. Enterprises should also have a preparedness plan for how to deal with social media threats. As part of this effort, business may want to actively monitor these sites and specify a point-person for dealing with particular issues.
“Instead of being caught and having knee-jerk reaction, you develop an action plan up front so you can quickly react,” Landesman said.