In its annual state of security report released this week, Cisco (NASDAQ: CSCO) says that criminals have shifted away from the use of massive spam campaigns to the use of targeted attacks. This is in part due to a reduction in the number of computers and networks commandeered by criminals, which has been declining since 2009. The result is a steep fall of spam from 379 billion messages a day in August 2010 to 124 billion messages a day, one year later. Moreover, the amount of money generated from spam was cut in half, to $500 million.

Attackers have instead started adopting a more profitable approach by using malware that is stealthy and which quietly siphons off personal information to be sold off at underground markets. Indeed, criminals are seeing bigger payoffs by adopting an approach using targeted phishing emails. Scott Olechowski, threat research manager for Cisco, was quoted in an eWeek report as saying: "This is becoming a precision, assassin-like model versus a horrible, carpet bomb type of model."

As the nature of email threats evolve, businesses need to react to them by training employees on how to identify phishing attempts, as well as putting new defenses in place to defend against the new attack vectors. The Cisco Security Annual Report 2011 can be downloaded here (.pdf).

For more on this story:
- check out this article at eWeek

Related Articles:
Yahoo awarded $610 million in lottery spam case
Hacker tries blackmail to get job at Marriott
IBM: 12 billion security events a day, for now