Cybercriminals have revised their strategies over the course of the last year and are no longer sending out tons of spam mail but are instead resorting to tailor-made plans of virtual attack. The latest research published by IT services provider Cisco found that the volume of spam mail sent globally has dropped from 300 billion in June 2010 to 40 billion last month. This also marks a notable, roughly 50% contraction in the value of the market from $1.1 billion to $500 million over the same period of time.
At the same time, the phenomenon known as “spearphishing” – referring to attacks specifically targeted at individuals – is on the rise. The number of these attacks has tripled last year and increased fourfold in 2011. Cisco calculates that spearphishing causes $1.29 billion in damages every year. Other types of personalized scams and malicious attacks are also rampant.
As always, the vulnerabilities that allow these attacks to succeed are sometimes technical, but more often than not, they are the result of user negligence. Cisco notes that tricksters relying on people’s ability to trust strangers are the hardest to defend against, yet these are exactly the cases that cause the biggest volume of damages.
And even though market turnover – i.e. the sums that can be swiped from individual victims – is comparatively low and precision is costly for the attackers, the profit prospects are tempting. Compared to “traditional” mass-mail campaigns, spearphishers often end the day with a tenfold increase in profits when weighed against their old ways.
Cisco found that these efforts are the most likely to cause companies actual financial damages, making them persistently popular among cybercriminals.