Spear phishing worth the cost

By

Targeted attacks return big profits.

Cyber criminals are scrapping widespread spamming campaigns for targeted phishing emails according to Cisco.

Spear phishing worth the cost

In a research paper, Cisco said profits for scatter-gun spam tactics had fallen by more than 50 percent, from US$1.1 billion annually in June 2010 to US$500 million annually this month.

In that same period, daily spam volume sharply has fallen from 300 billion messages per day to 40 billion.

The report found that costs for these types of assaults often range as high as five times as much as launching a traditional mass attack because of the required resources, including customised malware and background research on the targets.

But the return on investment can reach 10 times that of a mass attack.

Criminals had moved to crafted spear phishing attacks which often seek to steal intellectual property from high-profile organisations. The number of spear phishing attacks has increased threefold over the past year, the report said.

The tactic was evident in the recent compromise of information related to RSA's SecurID tokens.

"For an individual campaign, the economics of a spear phishing attack can be more compelling than for a mass attack," the report said. "The costs are significantly higher, but so too are the yield and benefit."

"Spear phishing attack campaigns are limited in volume but offer higher user open and click-through rates," the report said.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Log In

  |  Forgot your password?