Cybercriminal Attack Strategy Shifting To Corporate Networks


Cyber-criminals increasingly favor drone-like attacks on corporate networks over secretly commandeering tens of thousands of computers to distribute spam and malware, a 2011 state-of-security report said Tuesday.

The overall number of networks and computers hijacked by criminals globally has fallen each year since 2009, due to the success of international efforts by law enforcement to shut down huge networks of compromised systems, called botnets, Cisco said in releasing its annual report. In November, for example, the FBI and Slovenian and Spanish police arrested the operators of a 12 million-computer botnet.

Since 2009, Cisco's Global Adversary Resource Market Share Index, which tracks the number of compromised systems, has fallen from 7.2 to 6.5. Rather than reflecting less cyber-crime, the drop indicates criminals are shifting from large-scale attacks to working for organizations that pay handsomely for highly sensitive electronic documents stolen from companies operating in the defense industry or manufacturing. Those targets are lucrative and less risky.

"This is becoming a precision, assassin-like model versus a horrible, carpet bomb type of model," Scott Olechowski, threat research manager for Cisco, said during a news conference. Such an attack was reported in October by security vendor Symantec, which said the computers of at least four dozen chemical and defense companies were infected by malware used to steal design documents, formulas and details on manufacturing processes.

The shift has resulted in a steep decline in spam volume since August 2010, from 379 billion messages a day to 124 billion, the lowest number since 2007, according to Cisco.

The ranking of countries with the greatest spam volume has also changed. While the U.S. was number one last year, it fell to number nine this year with India taking the top spot. Coming in second was the Russian Federation, followed by Vietnam, the Republic of Korea and Indonesia, respectively. The amount of money generated annually from spam has fallen by roughly half, to $500 million.

Besides tracking trends, Cisco, the world's largest seller of network security appliances and software, made predictions on the weapons cyber-criminals are most likely to use in 2012, based on the return on investment from cyber-crimes. The weaponry expected to reap the most money included data theft Trojans, spyware, click fraud and web exploits. Targets expected to get lots of attention from criminals based on the potential ROI include mobile devices and cloud infrastructure.

Cloud service providers have been growing so fast that they have not had the time or inclination to make security a top priority, Olechowski said. "We know that there's going to be massive, cloud infrastructure hacks that are going to lead to massive compromises."

Cisco's report included a 14-country survey of 2,800 college students and young professionals from 18 to 23 years old to determine young workers' attitudes that could impact risk to corporate IT security. Among the findings were that three in five of the respondents working for companies believed their employers, not themselves, were responsible for protecting information and devices. In addition, more than half allowed others to use their computers without supervision, including family, friends, coworkers and strangers.