Cisco: U.S. No Longer the Spam Leader
State of Internet Security 2009 report finds zero days are down, but social networking threats are up.
Was the Internet a safer place in 2009 than it was in 2008?
It all depends on how you look at the data. According to Cisco Systems, 2009 was a good year for at least one key reason: the U.S. is no longer the spam capital of the world. Now it's only number two.
While U.S.-originated spam volumes are on the decline, Cisco's State of the Internet 2009 security report highlighted a growing rise in attacks emanating from social media outlets.
"I'm not completely surprised to see U.S falling to number two in the spam stats, but I didn't expect it to happen yet," said Cisco Fellow Patrick Peterson. "I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decreased the amount of spam that is pouring out of the United States."
Cisco reported 6.6 trillion spam messages originating from the United States in 2009, a 20.3 percent decline from the 2008 mark of 8.3 trillion messages. This year, the United States was eclipsed by Brazil, which took the dubious distinction of the top spamming nation, blasting out 7.7 trillion messages in 2009, up 193 percent from 2008, when Cisco counted 2.7 trillion spam messages originating from Brazil.
There are a few key steps needed to help U.S. spam volumes decline even further, Peterson said. He noted that service providers need to continue to educate consumers and help them by providing security software. Compromised PCs that can become part of spam-sending botnets are often large contributors to aggregate spam volumes.
Peterson also advised service providers to put programs in place to help them identify and remove malware on the affected consumer hardware. Additionally, he noted enforcement efforts like the shutdown of the large-scale spam host McColo in 2008 are also key to reducing spam.
While Peterson is heartened by the overall decline in U.S.-based spam, he worries about the rise of social-media threats.
"The success and focus on social networking by attackers is also a surprise," he said. "If you look at the time it took for criminals to evolve spam tools and Web-exploit tools, it was a three-year curve. I think that criminals in less than 12 months have developed the business models, ecosystem, and techniques to monetize this very quickly."
He cautioned that the rise in attacks on social networking sites does not imply that the Facebook, Twitter, and others sites are directly vulnerable. Rather, the attacks are currently focused on social engineering and compromising passwords.
Peterson said that a Twitter or Facebook account is only as strong as the password maintained by the end user.
"At the end of the day the human is the weak link," Peterson said.
He advised social networking users to have strong passwords and not to share them across multiple accounts. Twitter and Facebook both also support other authentication schemes that are used to help protect users' accounts. Twitter, for example, supports OAuth, while Facebook has its Facebook Connect technology.
"I'm aware primarily of simple password attacks," Peterson said. "Right now that's such fertile ground that I haven't seen a lot of criminal focus or success around the other mechanisms."
Sean Michael Kerner is a senior editor at InternetNews.com, covering Linux and open source, application development and networking.