Cisco Report: Spearphishing Attacks Triple As Victims' Costs Hit $1.29 Billion


Spearphishing attacks have tripled and scams and malware campaigns have increased by a factor of four in the last 12 months, resulting in $1.29 billion in financial losses, remediation and lost business, according to a report from Cisco released Thursday.

These and other findings were incorporated in “Email Attacks: This Time It’s Personal,” a report which researchers at Cisco Security Intelligence Operations compiled from surveying 361 IT professionals from 50 organizations in an effort to examine attack trends and their financial impact on organizations.

Above all, Cisco researchers said that cyber criminals are overwhelmingly trending toward low-volume but highly sophisticated spearphishing and targeted attacks, evidenced by a spate of recent cyber assaults against RSA, Google, Lockheed Martin and Sony.

“2011 has been the year of the breaches,” said Patrick Peterson, a Cisco security research fellow, during a Cisco press event Thursday.

Peterson added that what differentiated the security landscape now is the number of high-profile, targeted attacks. “They’re so in your face and take such a front-page level, for various reasons. They have been on the front page and will continue to be on the front page,” he said.

As defined in the study, targeted attacks are low-volume attacks directed at a specific user or small group of users, using highly personalized information in social engineering schemes while containing malware or advanced persistent threats that exploit zero-day vulnerabilities in order to compromise users’ accounts and steal sensitive data or intellectual property. Often targeted attacks appear legitimate, allowing them to bypass spam and URL filters.

Like targeted attacks, spearphishing attacks can use personal information, but are typically directed at a specific profile or type of user with a commonality, usually high-profile executives in an organization, and don’t always embed malware or exploit zero-day vulnerabilities. Researchers said that the sharp rise of spearphishing and targeted attacks is largely due to growing profits gained by the attacks. Total profits garnered from spearphishing have tripled over the last year for cyber criminals, growing from $50 million to $150 million over the last 12 months, while a spearphishing attack can yield a profit 10 times greater than from a mass attack, according to the report.

Despite the explosive adoption of social media in the last two years, the study indicated that e-mail remains the primary threat vector for targeted and spearphishing attacks, primarily because it provides access to C-level executives and administrators in the enterprise, researchers said.

Meanwhile, the report found that criminal profits acquired by mass attacks -- general attacks delivered over e-mail -- declined by 50 percent from $1.1 billion in June 2010 to $500 million in June 2011.

In addition, spam volumes plummeted from 300 billion daily spam messages to 40 billion over the last 12 months, representing an 80 percent overall drop.

Correspondingly, spam attack profitability fell to $300 million in June of 2011 down from $1 billion a year ago, the study revealed.

Researchers said that the sharp drop in mass attacks can be attributed to the eradication of many high-profile botnets -- large networks of infected computers operated by a command and control center -- which were the primary vehicle for proliferation of spam.

The drop in spam attacks can also be attributed to expanded detection capabilities and U.S. collaboration with international law enforcement, which have served as a deterrent for large-scale attacks.
