A new report from Cisco Systems Inc. analyzing illegal activities from spammers and other online scams suggests that cyber criminals are abandoning large spam runs and indiscriminate attacks in search of higher profits doing targeted hacks.
The findings, released at a press and analyst event on Thursday, point to a precipitous drop in revenue from the mass spam and phishing attacks that dominated the last five years, and a shift toward lower-volume but more profitable targeted attacks.
Cisco estimated that worldwide revenue from high-volume spamming has decreased by more than two thirds since last year, from $1 billion a year ago to just $300 million today. During the same period, revenue from scams and other malicious attacks has quadrupled from $50 million to around $200 million, the company reported.
Cisco relied on data from its cloud-based intelligence services, which aggregate information from across the company's customer base, to compile the report.
Low conversion rates are behind the move away from mass attacks. In addition, private and law enforcement actions to dismantle some of the world’s largest botnets like Rustock and Bredolab in the last year have denied spammers the tools they need to conduct massive campaigns, Cisco said.
Targeted attacks are a subset of spam and share many characteristics with mass spam runs, including the use of e-mail messages containing malicious file attachments or Web links. However, targeted attacks rely on extensive planning and research into the likely recipients of the e-mail. Time is taken to craft messages that appear to come from legitimate sources and to be addressed to the recipient personally.
Targeted spam runs are far smaller than mass spam runs but have similar block rates. The key difference is a far higher conversion rate among the few users who do end up seeing the targeted e-mails. Cisco's data suggests that fully 70% of those who see a targeted e-mail message open it, and that 50% of those click through to the malicious Web page or attachment and are "converted."
The average value per victim, for attackers, can be 40 times that of a mass attack, and the profit from a spear-phishing campaign can be 10 times that of a high-volume spam run, Cisco said.
Targeted attacks have figured prominently in recent high-profile incidents, including a security breach at EMC's RSA Security division and follow-on attacks at L3 Communications, the IMF and others. Studies suggest that such attacks are highly effective: data from Intrepidus Group indicates that three-quarters of corporate employees fall for phishing attacks.