Targeted malicious attacks worth US$1.3bn to cyber criminals

1 Jul 2011

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Cyber criminals are shifting their stratagem away from mass spam attacks to more targeted, malicious-style attacks, such as spearphishing. Cisco estimates the overall cost of targeted attacks to organisations worldwide is US$1.29bn annually.

It’s been an exhausting summer so far keeping up with the spree of high-profile attacks on Sony, Citibank, the CIA and many others by groups including Anonymous and LulzSec.

But while these groups have been hogging the headlines, let’s not forget hacking is an activity carried out by thousands of perpetrators you’ll never hear about, working by themselves or working on behalf of shady criminal empires.

A new report by Cisco suggests cyber criminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favour of personalised attacks with a greater financial impact on targeted organisations.

“Personalised and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise,” said Nick Edwards, director of Cisco’s Security Technology Business Unit.

“Law-enforcement efforts are making mass spam attacks less appealing to cyber criminals, who are thus spending more time and effort focusing on different types of spearphishing and targeted attacks,” Edwards added.

Research conducted by Cisco Security Intelligence Operations shows the trend toward increased targeted attacks featuring highly customised threats containing malware that are directed at a specific user or group of users for intellectual property theft.

This time, it’s personal

Key findings of the Cisco report:

  • Returns from mass email-based attacks declined by more than 50pc from US$1.1bn in June 2010 to $500m in June 2011.
  • Mass spam volumes plummeted from 300bn daily spam messages to just 40bn between June 2010 and June 2011.
  • There is an increase in spearphishing and personalised scams and malicious attacks.
  • Spearphishing attacks have increased threefold, while scams and malicious attacks have increased fourfold.
  • The overall cost of targeted attacks to organisations worldwide is US$1.29bn annually.

Like almost all types of cyber crime exploits, the success of targeted attacks relies on technical holes and the all-too-human tendency to misplace trust.

Targeted attacks are harder to detect

Targeted attacks are the most elusive threat to protect against and have the potential to deliver the most potent negative impact. Very low in volume, they focus on a specific individual or group under cover of anonymity provided by specialised botnet distribution channels.

Typically, they rely on malware or APTs (advanced persistent threats) to harvest desired data over a period of time. An example of a targeted attack is the Stuxnet worm, which had the potential to severely disrupt industrial computing systems and could traverse non-networked systems, thus placing at risk even systems unconnected to networks or the internet.

Spearphishing attacks, though more costly to mount and lower in volume than mass spam attacks, also pose serious consequences for today’s enterprises. Many spearphishing attacks ultimately lead to financial theft, making them both highly dangerous to victims and highly valuable to cyber criminals. Spearphishing campaigns, which are a highly customised evolution of the traditional mass attack technique of phishing, can net 10 times the profit of a mass attack.

The global study focuses on perspectives from 361 information technology professionals from 50 countries and was compiled by Cisco Security Intelligence Operations, which provides real-time threat intelligence to help Cisco stay ahead of the latest cyber threats. Cisco SIO is the world’s largest cloud-based security ecosystem, using SensorBase data of almost 1m live data feeds from deployed Cisco email, web, firewall and intrusion prevention system (IPS) solutions.  

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com