Spammers Turning To Targeted Attacks

    December 18, 2008

Spammers are now taking their cue from search engines and advertisers by making their emails more personalized in attempts to steal users information, according to a new security report from Cisco.

The report found there was a 90 percent growth in threats coming from legitimate domains, nearly double what was seen in 2007. While targeted spear-phishing represents about 1 percent of all phishing attacks it is on track to become more widespread as savvy criminals personalize spam and make messages appear more credible.

Spam accounts for nearly 200 billion messages each day, about 90 percent of worldwide email. The United States is the biggest source at 17.2 percent. Other countries who contribute spam include Turkey (9.2%), Russia (8%), Canada (4.7%), Brazil (4.1%), India (3.5%), Poland (3.4%), South Korea (3.3%), Germany and the United Kingdom (2.9% each).

More online criminals are using real email accounts with large legitimate Web mail providers to send spam. This "reputation hijacking" offers increased deliverability because it makes spam harder to detect and block. In 2008 spam resulting from email reputation hijacking of the top three mail providers accounted for less than 1 percent of all spam globally but accounted for 7.6 percent of the provider’s mail traffic.

"Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet. This year’s trends underscore how important it is to look at all basic elements of security policies and technologies," said Patrick Peterson, Cisco fellow and chief security researcher.

"Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk."