In 2010, cybercrime reached a turning point: spam levels declined, and this trend continued throughout 2011. According to Cisco’s Annual Security Report, this trend was explained by the takedown of numerous botnets, even though the number of smaller, more focused attacks was on the increase.
After the 2010 cybercrime turning point, when spam levels started to decline for the first time, the decline continued throughout 2011. This trend can be explained mainly by several key botnet takedowns over the last two years.
However, the number of vulnerabilities increased: there are fewer widespread attacks but greater numbers of smaller, more focused attacks.
These are some of the key findings of the latest Cisco Annual Security Report, which highlights the most important security trends of the year and provides tips and guidance to keep business environments more secure.
For the first time, the Cisco Annual Security Report also takes an in-depth look into how the next-generation workforce’s behaviour heightens personal and corporate risk amid a complex threat landscape.
Key Trends, Highlights:
· Dramatic Decline in Spam Volume: According to Cisco Security Intelligence Operations (SIO), spam volume dropped from more than 379 billion messages daily to about 124 billion messages daily between August 2010 and November 2011, levels not seen since 2007. The impact on the business of cybercrime is significant: Cisco SIO estimates that the cybercriminal benefit resulting from traditional mass email-based attacks declined more than 50 percent (on an annualised basis) from June 2010 to June 2011, from US $1 billion to US $500 million. Looking at which countries spam originates from worldwide, in the month of September 2011, India had the highest percentage of spam volume (13.9 percent). Vietnam came in second with 8.0 percent and the Russian Federation took the third-place spot with 7.8 percent.
· Cisco Cybercrime Return on Investment (CROI) Matrix: The Cisco CROI Matrix, which made its debut in the Cisco 2009 Annual Security Report, analyses types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2012. Based on performance in 2011, the matrix predicts that mobile devices, along with cloud infrastructure hacking, will rise in prevalence in 2012. Money laundering is also expected to remain a key focus area for cybercrime investment. A not-so-surprising newcomer among the “Rising Stars” is Mobile Devices, which was listed in the “Potentials” category in the 2010 matrix. Cybercriminals, as a rule, focus their attention on where the users are, and increasingly, people are accessing the Internet, email, and corporate networks via powerful mobile devices. Mobile device attacks have been around for years now, but historically have not been widespread, and were more akin to research projects than successful cybercrime businesses. But that’s changing, fast. Meanwhile, as more businesses embrace cloud computing and hosted services, cybercriminals are also looking to the cloud in search of moneymaking opportunities.
· The Internet Generation enters the workplace, ignores security threats: Seven out of 10 young employees frequently ignore IT policies, and one in four is a victim of identity theft before the age of 30, according to the final set of findings from the three-part Cisco Connected World Technology Report. The study reveals startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce, a demographic that grew up with the Internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace. The desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security. Such behaviour includes secretly using neighbours’ wireless connections, sitting in front of businesses to access free Wi-Fi networks, and borrowing other people’s devices without supervision.
Considering that at least one of every three employees (36%) responded negatively when asked if they respect their IT departments, balancing IT policy compliance with young employees’ desires for more flexible access to social media, devices, and remote access is testing the limits of traditional corporate cultures. At the same time, these employee demands are placing greater pressure on recruiters, hiring managers, IT departments, and corporate cultures to allow more flexibility in the hope the next wave of talent can provide an edge over competitors.
· Cisco Global ARMS Race Index: Cisco’s Global Adversary Resource Market Share (ARMS) Race Index was designed to track the overall level of compromised resources worldwide and, over time, to provide a better picture of the online criminal community’s rate of success at compromising enterprise and individual users. According to data collected for this year’s index, the aggregate number that represents the level of compromised resources at the end of 2011 is 6.5, down slightly from the December 2010 level of 6.8. When the Cisco Global ARMS Race Index debuted in the Cisco 2009 Annual Security Report, the aggregate number was 7.2, which meant enterprise networks at the time were experiencing persistent infections, and consumer systems were infected at levels capable of producing consistent and alarming levels of service abuse.
· The 2011 Cisco Cybercrime Showcase: The third annual Cisco Cybercrime Showcase presents two awards for 2011: one acknowledging the outstanding contributions of an organisation in takedowns of some of the world’s worst botnets (the “Good,” Microsoft) and the other recognising the growing influence of a loosely organised group of Black Hats associated with collaborative, international hacktivism (the “Bad,” Anonymous).
· Preview for 2012: As the threat landscape evolves, Cisco experts predict that some of the main trends for 2012 will be the continued theme of targeted attacks replacing mass attacks, a continuing increase of hacktivism, and attacks on critical infrastructure systems, as well as industrial control systems and supervisory control and data acquisition systems (ICS/SCADA).