Cisco Study Shows Mass Phishing Attacks Down, Targeted Attacks Up

New research released by Cisco Systems shows a steep decline in the number of mass spam or phishing attacks by cyber criminals but a disturbing rise in the use of targeted phishing attacks that are more sophisticated and, for the criminals, more profitable.

Cisco’s study is being released at a time of heightened public awareness about the danger of cyber crime in the wake of highly publicized breaches, says Patrick Peterson, a Cisco fellow and author of the study.

"This first half of 2011 has been one of the most momentous periods in the history of security," Peterson said at a Cisco news conference Thursday. "It's the year of the breaches, when they became public and so in your face, so repetitively, and at such a level that it becomes clear that [targeted attacks are] a technique that the criminals have adapted very successfully."

Among the more notable breaches this year was the attack on the direct marketing firm Epsilon, in which names and email address of the marketing firm clients' customers were exposed. Epsilon clients--including name brand companies like Best Buy, Citibank, Marriott and Walgreens--had to notify their customers that they may be at risk.

The Cisco study looks mostly at cyber attacks that come through email, such as phishing, which is when an email appears to be from a legitimate sender, such as a bank or retailer, but is fake and can steal personal information or install malware on the receiver's computer. The new targeted variation of phishing is called "spearphishing," the report states, which uses "customization methods superior to those used in mass attacks" and is likely to result in more people responding to the messages and being victimized.The report compares the results of a mass attack to those of a targeted attack. In a typical mass attack, a million emails may be sent out. Most will be blocked, but enough will get through that eight people are victimized for a loss of $2,000 each, or $16,000 total. If it costs $2,000 to conduct the attack, the criminal has made a profit of $14,000. But in a targeted attack, only 1,000 emails are sent, and only two people are victimized, but their losses are $80,000 each or $160,000 total. It may cost the criminal $10,000 to conduct that campaign, yielding a net profit of $150,000.

Cyber criminals are developing more sophisticated scams because profits are declining for conventional mass attacks, which are becoming less and less effective. Cisco estimates that profits from mass email attacks, which had been rising steadily between 2005 and 2010, fell by more than 50%, to $500 million, in June 2011, from $1.1 billion in June 2010.

"The tide turned tremendously at the end of 2010, tremendously in 2011, and we actually continue to expect criminal profits from these mass attacks to drop year over year," says Peterson. He attributes the decline to "botnet decapitation," taking down networks of computers used to launch attacks, as well as improved success by law enforcement in catching cyber criminals.

Enterprises have to protect against phishing attacks and other security threats to their networks, says Tom Gilles, VP and general manager of Cisco's security technology business unit. He says there also are security implications from two of the latest trends in enterprise IT: the consumerization of IT, in which workers bring personal devices into work to get access to the corporate network, and the emergence of cloud computing, in which data may be stored beyond the firewall.

"Taken together, these two trends mean that we have more people accessing more information and more people on the network than ever before, and it’s having an impact on how we build security solutions," Gilles says.

Cisco is expected to introduce new security products and services at its Cisco Live convention later this month in Las Vegas.

See more on this topic by subscribing to Network Computing Pro Reports Research: 2011 Strategic Security Survey (subscription required).