The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy into practice.
The fundamental shift away from mass spam attacks to more targeted threats with potentially bigger payoffs is top of mind for me. This trend is detailed in a new report by Cisco’s Security Intelligence Operation (SIO).
Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.
This increase comes at a huge cost. Worldwide, these targeted attacks take a $1.29 billion annual toll on organizations. But while they impact an entire corporation, these attacks start small—with specific individuals or groups. Typically these focused attacks rely on malware or Advanced Persistent Threats (APTs) to get at the data they want over time. For example, an attack that Cisco SIO identified earlier this year involved a message sent to senior executives at a large corporation. The message was sent by an unknown party through a legitimate but compromised server in Australia. An embedded URL was hosted on a legitimate but compromised law blog. When the URL was clicked, the user’s browser was directed to a previously unknown copy of the Phoenix exploit kit that installs the Zeus Trojan on the victim’s computer.
Another example of a targeted attack is the infamous Stuxnet worm, which had the potential to severely disrupt industrial computing systems and reportedly damaged Iran’s nuclear program. Stuxnet and other variants that are likely to surface are particularly dangerous because they can traverse non-networked systems, even endangering systems unconnected to networks or the Internet.
Keep in mind that even with a more focused attack on, let’s say, a dozen executives at Company ACME (rather than the more traditional mass spam attack), cybercriminals need to reel in only one target to score big. The average payoff per victim can be 40 times that of a mass attack if that victim, for example, has access to corporate banking accounts.
In addition, the reputation cost of an attack can result in a loss of business and shareholder value. According to Cisco SIO research, organizations estimate the reputation cost per infected user is $1,900, or 6.4 times that of the direct monetary loss.
I’m proud that Cisco has taken an aggressive, proactive approach to dealing with these more targeted attacks by using real-time threat intelligence from SIO, the world’s largest cloud-based security ecosystem. The system leverages SensorBase data from almost one million live data feeds from deployed Cisco email, web, firewall, and intrusion prevention solutions. Then Cisco SIO weighs and processes the data, automatically categorizing threats and creating rules based on more than 200 parameters. Security researchers also collect and supply information about security events that have the potential for widespread impact on networks, applications, and devices. Rules are dynamically delivered to deployed Cisco security devices every three to five minutes. The Cisco SIO team also publishes security best practice recommendations and tactical guidance for thwarting threats.
No system is foolproof, but in a world of increasingly targeted attacks, savvy CIOs and security buyers should make real-time, comprehensive solutions top of mind.