Full Story Full Story












PRESS RELEASE

Cybercriminals Ditching Mass Spam for Targeted Attacks

New Cisco Report Shows Traditional Mass Spam Volumes Plummeting as Cybercriminals Turn to More Lucrative, Pinpointed Attacks

SAN JOSE, Calif. – June 30, 2011 – In the complex and ever-changing landscape of online crime, cybercriminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favor of personalized attacks with a greater financial impact on targeted organizations, according to a new security report from Cisco. Research conducted by Cisco® Security Intelligence Operations shows thetrend toward increased targeted attacksfeaturing highly customized threats containing malwarethat are directed at a specific user or group of users for intellectual property theft.

Key Findings - Email Attacks: This Time, It's Personal

  • Returns from mass email-based attacks declined by more than 50 percent from US$1.1 billion in June 2010 to $500 million in June 2011.
  • Mass spam volumes plummeted from 300 billion daily spam messages to just 40 billion between June 2010 and June 2011.
  • There is an increase in spearphishing and personalized scams and malicious attacks.
  • Spearphishing attacks have increased threefold, while scams and malicious attacks have increased fourfold.
  • The overall cost of targeted attacks to organizations worldwide is $1.29 billion annually.

Like almost all types of cybercrime exploits, the success of targeted attacks relies on technical holes and the all-too-human tendency to misplace trust. Targeted attacks are the most elusive threat to protect against and have the potential to deliver the most potent negative impact. Very low in volume, they focus on a specific individual or group under cover of anonymity provided by specialized botnet distribution channels. Typically, they rely on malware or APTs (Advanced Persistent Threats) to harvest desired data over a period of time. An example of a targeted attack is the infamous Stuxnet worm, which had the potential to severely disrupt industrial computing systems and could traverse non-networked systems, thus placing at risk even systems unconnected to networks or the Internet.

Spearphishing attacks, though more costly to mount and lower in volume than mass spam attacks, also pose serious consequences for today's enterprises. Many spearphishing attacks ultimately lead to financial theft, making them both highly dangerous to victims and highly valuable to cybercriminals. Spearphishing campaigns, which are a highly customized evolution of the traditional mass attack technique of phishing, can net 10 times the profit of a mass attack.

The global study focuses on perspectives from 361 information technology professionals from 50 countries andwas compiled by Cisco Security Intelligence Operations, which provides real-time threat intelligence to help Cisco stay ahead of the latest cyber threats. Cisco SIO is the world's largest cloud-based security ecosystem, using SensorBase data of almost 1 million live data feeds from deployed Cisco email, Web, firewall and intrusion prevention system (IPS) solutions.  

 

Supporting Quote:

Nick Edwards, director of Cisco's Security Technology Business Unit

  • "Personalized and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise. Law enforcement efforts are making mass spam attacks less appealing to cybercriminals, who are thus spending more time and effort focusing on different types of spearphishing and targeted attacks."

 

Supporting Resources:

Technorati Tags: Cisco, targeted attacks, SIO, email, spam, Stuxnet, malware, security, research, study, network security, spearfishing, enterprise security. 

About Cisco Systems

Cisco, (NASDAQ: CSCO), is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.

# # #

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

***** document ****** Cybercriminals Ditching Mass Spam for Targeted Attacks Cybercriminals Ditching Mass Spam for Targeted Attacks Active New Cisco Report Shows Traditional Mass Spam Volumes Plummeting as Cybercriminals Turn to More Lucrative, Pinpointed Attacks network security

SAN JOSE, Calif. – June 30, 2011 – In the complex and ever-changing landscape of online crime, cybercriminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favor of personalized attacks with a greater financial impact on targeted organizations, according to a new security report from Cisco. Research conducted by Cisco® Security Intelligence Operations shows thetrend toward increased targeted attacksfeaturing highly customized threats containing malwarethat are directed at a specific user or group of users for intellectual property theft.

Key Findings - Email Attacks: This Time, It's Personal

  • Returns from mass email-based attacks declined by more than 50 percent from US$1.1 billion in June 2010 to $500 million in June 2011.
  • Mass spam volumes plummeted from 300 billion daily spam messages to just 40 billion between June 2010 and June 2011.
  • There is an increase in spearphishing and personalized scams and malicious attacks.
  • Spearphishing attacks have increased threefold, while scams and malicious attacks have increased fourfold.
  • The overall cost of targeted attacks to organizations worldwide is $1.29 billion annually.

Like almost all types of cybercrime exploits, the success of targeted attacks relies on technical holes and the all-too-human tendency to misplace trust. Targeted attacks are the most elusive threat to protect against and have the potential to deliver the most potent negative impact. Very low in volume, they focus on a specific individual or group under cover of anonymity provided by specialized botnet distribution channels. Typically, they rely on malware or APTs (Advanced Persistent Threats) to harvest desired data over a period of time. An example of a targeted attack is the infamous Stuxnet worm, which had the potential to severely disrupt industrial computing systems and could traverse non-networked systems, thus placing at risk even systems unconnected to networks or the Internet.

Spearphishing attacks, though more costly to mount and lower in volume than mass spam attacks, also pose serious consequences for today's enterprises. Many spearphishing attacks ultimately lead to financial theft, making them both highly dangerous to victims and highly valuable to cybercriminals. Spearphishing campaigns, which are a highly customized evolution of the traditional mass attack technique of phishing, can net 10 times the profit of a mass attack.

The global study focuses on perspectives from 361 information technology professionals from 50 countries andwas compiled by Cisco Security Intelligence Operations, which provides real-time threat intelligence to help Cisco stay ahead of the latest cyber threats. Cisco SIO is the world's largest cloud-based security ecosystem, using SensorBase data of almost 1 million live data feeds from deployed Cisco email, Web, firewall and intrusion prevention system (IPS) solutions.  

 

Supporting Quote:

Nick Edwards, director of Cisco's Security Technology Business Unit

  • "Personalized and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise. Law enforcement efforts are making mass spam attacks less appealing to cybercriminals, who are thus spending more time and effort focusing on different types of spearphishing and targeted attacks."

 

Supporting Resources:

Technorati Tags: Cisco, targeted attacks, SIO, email, spam, Stuxnet, malware, security, research, study, network security, spearfishing, enterprise security. 

About Cisco Systems

Cisco, (NASDAQ: CSCO), is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.

# # #

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

/image/image_gallery?uuid=2afee6a9-f91a-411f-9405-d27324694397&groupId=10157&t=1311357929619 In the complex and ever-changing landscape of online crime, cybercriminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favor of personalized attacks with a greater financial impact on targeted organizations, according to a new security report from Cisco. David Oro|Cisco Systems, Inc.|707-558-8585|daoro@cisco.com|Press Contact Marilyn Mora|Cisco Systems, Inc.|+1 408 527 7452|marilmor@cisco.com|Investor Relations Contact Trevor Bratton|Cisco Systems, Inc.|949 823-1212|trbratto@cisco.com|Press Contact ##### comments######
Web Content Display Web Content Display
 
Web Content Display Web Content Display
Web Content Display Web Content Display

The Network is offering Google Translate in an effort to more easily share our content with a global audience. As these are free, machine translations, we cannot verify that all translations are accurate.

Translate


Web Content Display Web Content Display

Web Content Display Web Content Display

Stay Connected


Cisco Facebook @CiscoSystems on Twitter Cisco on Google Plus (+)
Cisco on LinkedIn Cisco on Pinterest Cisco on Youtube
Cisco - The Network RSS Cisco - The Network Podcast on iTunes Mynewswire Email - Cisco Newsletter
Web Content Display Web Content Display

Leadership@Cisco

Web Content Display Web Content Display
 
Web Content Display Web Content Display

MyNewswire Subscription

Subscribe to MyNewsWire
Sign up now for free.

Our email newsletter, MyNewsWire, is your source for the latest Cisco news, press releases, features and videos. We'll help you stay up-to-date on technologies, events, innovations, and more. And now, you can get it as often as you like—free.

 

Web Content Display Web Content Display

 
 
Like us on Facebook
 
Follow us on Twitter