Spear phishing worth the cost

By on
Spear phishing worth the cost

Targeted attacks return big profits.

Cyber criminals are scrapping widespread spamming campaigns for targeted phishing emails according to Cisco.

In a research paper, Cisco said profits for scatter-gun spam tactics had fallen by more than 50 percent, from US$1.1 billion annually in June 2010 to US$500 million annually this month.

In that same period, daily spam volume sharply has fallen from 300 billion messages per day to 40 billion.

The report found that costs for these types of assaults often range as high as five times as much as launching a traditional mass attack because of the required resources, including customised malware and background research on the targets.

But the return on investment can reach 10 times that of a mass attack.

Criminals had moved to crafted spear phishing attacks which often seek to steal intellectual property from high-profile organisations. The number of spear phishing attacks has increased threefold over the past year, the report said.

The tactic was evident in the recent compromise of information related to RSA's SecurID tokens.

"For an individual campaign, the economics of a spear phishing attack can be more compelling than for a mass attack," the report said. "The costs are significantly higher, but so too are the yield and benefit."

"Spear phishing attack campaigns are limited in volume but offer higher user open and click-through rates," the report said.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?