The era of mass Internet attacks is over

A lot of the easy money in Internet attacks is gone. Now you have to do some homework and pick your targets more carefully to get a rewarding rate of return on your crimes.

A report from Cisco says that the nature of attacks on the Internet is changing. Dumb, old-fashioned mass-spammed attacks, and spam itself, are losing their financial motivation and decreasing in frequency.

A Dark Reading report on the Cisco analysis says that targeted attacks cost 5 times as much as a mass attack to pull off, but bring in 10 times the profit. Cisco says the payoff from targeted attacks can be impressive. Targeted attack victims are valued at $80,000 apiece.

We knew that targeted attacks were on the rise. The Cisco report adds that wide-net, mass attacks are on the decline. It makes sense: criminals are maximizing their profits. Cisco also confirms sporadic reports elsewhere that spam is declining, and probably for the same reason. Monthly spam messages measured by Cisco went from 300 billion in June, 2010 to 40 billion in June, 2011.

Patrick Peterson, a Cisco fellow, attributes the changes to "Botnet decapitation...They've been shut down, taken offline, and disrupted." I think it's also fair to say that security products have gotten better and pretty good at countering the mass attacks. It's the small-scale, targeted attacks that are more likely to get through them.

Computerworld quotes Peterson as saying the tide turned at the end of 2010. "In the past year alone, international takedown efforts have neutralized or removed some of the world's worst botnets: Conficker, Waledac, Pushdo and, most recently, Rustock have all been hit."

High-end targeted attacks may involve zero-day vulnerabilities and other sophisticated techniques, but often all that's needed is some research. You can learn a lot about a company and its personnel just from their own web site and LinkedIn. From there it's a matter of writing a sufficiently-convincing e-mail and spoofing its source.

Unfortunately, the best defense against such attacks is an alert and skeptical user. These are always in short supply.

Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.