« In a continuing trend, new research released by Cisco today further confirms that cybercriminals have made a fundamental shift in strategy, abandoning traditional mass spam attacks in favor of personalized attacks with a greater financial impact on targeted organizations.

The research conducted by Cisco Security Intelligence Operations shows a trend toward increased targeted attacks that have the ultimate aim of gaining access to specific sensitive data, corporate intellectual property or access to confidential internal systems. This is undertaken by targeting specific individuals within the companies being targeted. Targeted attack emails are typically sent in low volumes but are potentially one of the most damaging threats any organization can face.

The recent theft of millions of names, email addresses and personal information from Epsilon, Sony, Gannett Government Media, and many others is further giving the cybercriminals holding this data opportunity to construct highly personalized attacks.

According to Ram Mohan, CTO at Afilias and a regular SecurityWeek columnist, « As a result of these breaches, criminals now have enough information to construct highly targeted phishing runs aimed at known customers of the affected companies. They can also address their potential victims by name. Many savvy net users have learned to be suspicious of emails beginning with « Dear Customer » or other vague salutations, but these targeted « spear phishing » attacks can look a lot more convincing. If you already have a business relationship with a company and you receive a realistic-looking email purportedly from that company, you’re a little more likely to believe the phisher’s overtures are genuine if they address you by name. »

According to Cisco’s research, spear phishing attacks have proven to be both highly dangerous to victims and highly valuable to cybercriminals. Cisco says that, a highly customized phishing attack can net 10 times the profit of a mass attack. »

More details here

Related posts: