Just in time for Independence Day weekend, I got an email from my friends at Cisco, alerting me that we are seeing an independence, of sorts, from spam. The decrease has been happening for a while. Research conducted by Cisco Security Intelligence Operations found the following:
This matches up with news from earlier in the year, when the Rustock botnet was taken down. However, before we get too excited about the decrease in spam, Cisco warns that cybercriminals are still out there and still busy; they've just refocused their strategy. Replacing traditional mass spam attacks are personalized attacks with a greater financial impact on targeted organizations.
Again, the Cisco report found:
A Cisco release explained the new trend this way:
Like almost all types of cybercrime exploits, the success of targeted attacks relies on technical holes and the all-too-human tendency to misplace trust. Targeted attacks are the most elusive threat to protect against and have the potential to deliver the most potent negative impact. Very low in volume, they focus on a specific individual or group under cover of anonymity provided by specialized botnet distribution channels. Typically, they rely on malware or APTs (Advanced Persistent Threats) to harvest desired data over a period of time. An example of a targeted attack is the infamous Stuxnet worm, which had the potential to severely disrupt industrial computing systems and could traverse non-networked systems, thus placing at risk even systems unconnected to networks or the Internet.
Nick Edwards, director of Cisco's Security Technology Business Unit, added:
Personalized and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise. Law enforcement efforts are making mass spam attacks less appealing to cybercriminals, who are thus spending more time and effort focusing on different types of spearphishing and targeted attacks.
A blog post at All Spammed Up, published before the Cisco report was released, explained very nicely why enterprises should care about spear phishing:
Even when used against other companies, spear phishing erodes at and threatens to harm the trust placed in this important communication channel.
In addition, it is also unlikely that all the capabilities exhibited by the alleged state-sponsored hackers are developed internally. There is essentially nothing to prevent these same tools from leaking into the larger hacker underground, or for these highly-skilled and trained professionals from leveraging their skills and tools for personal profit - at the expense of your company.