Targetted Attacks On the Rise and Spam Declines

For much of the Internet era, mass attacks and spam have been the scourge of IT professionals and consumers alike. That situation is now changing, according to new data from Cisco.

Cisco’s Security Intelligence Operations is out with a new report, Email Attacks: This Time It’s Personal, showing a stark decline in the value and volume of mass email based attacks

“This report lays out a true tipping point in what we believe to be the nature of attacks,” Patrick Peterson, Cisco Fellow, said during a live WebEx event. “The criminal successes and focus have migrated from the things that used to consume us 24/7 four or five years ago.”

Those items that used to consume Peterson’s time were the mass attacks from spam, spyware and phishing. He noted that criminal profits from spam and mass attacks began to decline dramatically in 2010.

According to Cisco’s research, spam volumes have declined from a peak of 300 billion daily spam messages to an average of only 40 billion between June 2010 and June 2011. Criminal revenues from the mass attacks have also declined. According to Cisco, revenues from mass based email attacks brought in $1.1 billion in June 2010 and have now declined to $500 million in June 2011.

As to why spam volumes and mass attacks have declined, Peterson provided a number of explanations. The first reason he offered is that botnets have been decapitated. “The simple version is that a lot of the botnets that are essential for operating at scale have been shutdown, taken offline, bothered and hassled,” Peterson said.

The other reason why mass attacks have declined is the active involvement of law enforcement.

While mass attacks are on the decline, targeted attacks are growing in terms of the harm that they cause. According to Cisco, targeted attacks now cost global organizations $1.29 billion annually.

The costs in involved in dealing with a targeted attack fall into multiple groups. “We estimate that for every dollar that you actually lose it’s costing you more than twice that much for remediation,” Peterson said. “Remediation is not just wiping PCs clean either, it’s auditors, PR and a whole host of issues dealing with cleaning up the incident.”

Peterson added that reputation repair can also be very expensive. As such, with the increased revenues that criminals are gaining from targeted attacks, the costs of remediation are also on the rise.

“We have come a long way in winning the battle against the mass attacks,” Peterson said. “And the criminals have come a long way in being far too successful with targeted attacks.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top Endpoint Detection and Response (EDR) Solutions

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Best SIEM Tools & Software for 2021

Security Information and Event Management (SIEM, pronounced "sim") is a key enterprise security technology, with the ability...

Related articles