New research released by Cisco Systems shows a steep decline in the number of mass spam or phishing attacks by cyber criminals but a disturbing rise in the use of targeted phishing attacks that are more sophisticated and, for the criminals, more profitable.
Cisco’s study is being released at a time of heightened public awareness about the danger of cyber crime in the wake of highly publicized breaches, says Patrick Peterson, a Cisco fellow and author of the study.
"This first half of 2011 has been one of the most momentous periods in the history of security," Peterson said at a Cisco news conference Thursday. "It's the year of the breaches, when they became public and so in your face, so repetitively, and at such a level that it becomes clear that [targeted attacks are] a technique that the criminals have adapted very successfully."
Among the more notable breaches this year was the attack on the direct marketing firm Epsilon, in which names and email address of the marketing firm clients' customers were exposed. Epsilon clients--including name brand companies like Best Buy, Citibank, Marriott and Walgreens--had to notify their customers that they may be at risk.
The Cisco study looks mostly at cyber attacks that come through email, such as phishing, which is when an email appears to be from a legitimate sender, such as a bank or retailer, but is fake and can steal personal information or install malware on the receiver's computer. The new targeted variation of phishing is called "spearphishing," the report states, which uses "customization methods superior to those used in mass attacks" and is likely to result in more people responding to the messages and being victimized.