Crooks opt for spear phishing despite higher upfront cost

July 1, 2011

A report released Thursday by Cisco confirms what may have become fairly obvious to security professionals and industry followers over recent months: Cybercriminals are scrapping widespread malicious email campaigns for more targeted attacks.

"Cybercriminals are balancing competing priorities," the report said. "Infect more users or keep the attack small enough to fly under security vendors' radar."

One side appears to be winning out. The Cisco white paper, "Email Attacks: This Time it's Personal," reveals a dramatic drop in profits accrued by crooks who launch traditional attacks, such as delivering malware-laden or phishing emails.

Not surprisingly, Cisco researchers estimate that the returns for mass email-based attacks have fallen from $1.1 billion annually in June 2010 to $500 million annually this month. Over the same period, daily spam volume has fallen sharply, from 300 billion messages per day to 40 billion.

But the criminals haven't folded up shop. Instead, they have begun to find cost benefit in perpetrating stealthier, more crafted email attacks known as spear phishing, which are aimed at specific individuals. Often, these offensives seek to steal intellectual property from high-profile organizations. The number of spear phishing attacks has increased threefold over the past year, the report said.

The tactic was evident in the recent compromise of information related to RSA's SecurID tokens.

"For an individual campaign, the economics of a spear phishing attack can be more compelling than for a mass attack," the report said. "The costs are significantly higher, but so too are the yield and benefit."

The report found that the cost of these attacks often runs as high as five times that of a traditional mass attack, because of the resources required, including customized malware and background research on the targets. But the return on investment can reach 10 times that of a mass attack.

"Spear phishing attack campaigns are limited in volume but offer higher user open and click-through rates," the report said.