
Cisco: Spammers shifting to targeted attacks


Cisco’s Security Intelligence Operations group has published a new report, Email Attacks: This Time It’s Personal (PDF), that indicates the Internet is experiencing a fundamental shift in the nature of spam: instead of sending as many messages as possible and hoping to get responses from a tiny fraction of one percent of gullible recipients, spammers are shifting to a far smaller number of targeted, personalized attacks, a.k.a. spearphishing. The good news is that the overall volume of mass spam has declined sharply, along with the amount of money criminals gain from it. The bad news is that targeted attacks are up sharply, and criminals make a lot more money every time one of them succeeds.

“Cybercriminal business models have recently shifted towards low-volume targeted attacks,” Cisco wrote. “With email remaining the primary attack vector, these attacks are increasing in both their frequency and their financial impact on targeted organizations.”


According to Cisco, spam volumes dropped from a peak averaging about 300 billion spams per day in June 2010 to about 40 billion spams a day in June 2011. With that decline, spammers have also found that the amount of money they haul in from mass email spam is going down: Cisco estimates mass spam attacks netted spammers about $1.1 billion in June 2010, but that figure dropped to $500 million by June 2011.

One reason that spammers’ revenues haven’t declined in proportion to the number of messages they send out is that an increasing number of messages are individualized with personalization tools and other information designed to pull in a potential victim and “convert” them into a paying victim, or get them to click through to a site that will try to install malware. Cisco estimates that spammer revenue from these customized attacks grew from $50 million in June 2010 to $200 million by June 2011.

Cisco also notes that while spam filters and blocking technologies are able to block about as many targeted attacks as mass attacks, targeted attacks are far more likely to be opened by their intended victims, and have click-through rates as high as 50 percent.

[Figure: Cisco Spam Attack Campaign Economics]

Cisco also credits the decline in mass attack spam to the work of industry organizations, security firms, and law enforcement, noting that in the last year botnets like SpamIt, Rustock, Bredolab, and Mega-D have been severely curtailed by law enforcement actions.

Geoff Duncan
Former Digital Trends Contributor