White paper for Cisco Email Security Appliance C170

Cisco Security White Paper
Email Attacks: This Time It’s Personal
Figure 3: Targeted Attack Message
Economics of Attacks 
The economics of a typical campaign underscore the difference
between mass and targeted attack business models. As
a proxy, Table 3 compares the yield in the conversion pipeline 
and the relative economics to the cybercriminal for a sample 
mass phishing versus spearphishing attack: 
Table 3. Economics of Mass Phishing vs. Spearphishing Attacks
For an individual campaign, the economics of a spearphishing 
attack can be more compelling than for a mass attack. The 
costs are significantly higher, but so too are the yield and 
benefit. Cisco SIO estimates the costs of a spearphishing  
attack at five times the cost of a mass attack, given the quality 
of the list acquisition, botnet leased, email generation tools, 
malware purchased, website created, campaign administration 
tools, order processing back-end infrastructure, fulfillment 
providers, and user background research activity required. 
This significantly higher cost basis and greater effort require
highly specialized skills. It also requires higher yields to  
be effective. 
Cybercriminals are balancing competing priorities: Infect  
more users or keep the attack small enough to fly under 
security vendors’ radar? Spearphishing attack campaigns are 
limited in volume but offer higher user open and click-through 
rates. With these constraints, cybercriminals are increasingly 
focusing on business users with access to corporate banking 
accounts, to make sure they’re seeing sufficient return per 
infection. This is why the average value per victim can be  
40 times that of a mass attack. Ultimately, this approach is  
justified: Profit from a single spearphishing attack campaign 
can be more than 10 times that of a mass attack. 
From: XXXXXXXXXXXXXXX
Date: Wed, Jan 19, 2011
To: XXXXXXXXXXXXXXX
Subject: Commercial Litigation Subpoena

Through this document we hereby inform you of the
Litigation process started by XXXXXX Marketing
LLC against the company you represent. You are
required to produce the originals of all documents
and other items which are responsive, in
whole or in part, to any description set forth in
this "Subpoena Schedule," regardless of where
located, that are in your possession, custody, or
control, or in the possession, custody or control
of any of your partners, associates, employees,
agents, representatives, accountants, or attorneys,
along with all copies of any such document
which differ from the original by virtue of any
addition, deletion, alteration, notation, or
inscription on any part of the document, including
its back.

The complete list of the required documents can
be found at:
http://www.officialarticles.com/subpoena_files/
as well as the number of the complaint against
your company placed for copyright infringement on
12.21.2010 by the legal representative of XXXXXX
Marketing LLC. Failure to produce and present
the requested documents can display in fines
dictated by the court.

XXXXX XXXXXXX
Senior Attorney
XXXXXXX Law

Example of a                          Mass Phishing Attack   Spearphishing Attack
Typical Campaign                      (Single Campaign)      (Single Campaign)
(A) Total Messages Sent in Campaign   1,000,000              1,000
(B) Block Rate                        99%                    99%
(C) Open Rate                         3%                     70%
(D) Click Through Rate                5%                     50%
(E) Conversion Rate                   50%                    50%
Victims                               8                      2
Value per Victim                      $2,000                 $80,000
Total Value from Campaign             $16,000                $160,000
Total Cost for Campaign               $2,000                 $10,000
Total Profit from Campaign            $14,000                $150,000
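
The conversion pipeline of Table 3, worked through as an added example (this code is not part of the Cisco paper). It assumes each stage is an independent multiplicative rate and that victim counts are rounded half up, which reproduces the table's 8 and 2; the class and function names and the break-even calculation, which gives the filter block rate at which a campaign's expected value only just covers its cost, are additions for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction
from math import floor


@dataclass(frozen=True)
class Campaign:
    """One column of Table 3. Rates are exact fractions to avoid float drift."""
    messages: int            # (A) total messages sent
    block_rate: Fraction     # (B) share stopped by filtering
    open_rate: Fraction      # (C)
    click_rate: Fraction     # (D)
    conversion_rate: Fraction  # (E)
    value_per_victim: int    # dollars
    cost: int                # dollars, total campaign cost

    def yield_per_delivered(self) -> Fraction:
        # Chance that one message which passed the filter produces a victim.
        return self.open_rate * self.click_rate * self.conversion_rate

    def expected_victims(self) -> Fraction:
        return self.messages * (1 - self.block_rate) * self.yield_per_delivered()

    def victims(self) -> int:
        # Assumption: round half up (7.5 -> 8, 1.75 -> 2), matching the table.
        return floor(self.expected_victims() + Fraction(1, 2))

    def profit(self) -> int:
        return self.victims() * self.value_per_victim - self.cost

    def break_even_block_rate(self) -> Fraction:
        # Added calculation: block rate at which expected value equals cost.
        gross_unfiltered = (self.messages * self.yield_per_delivered()
                            * self.value_per_victim)
        return 1 - Fraction(self.cost) / gross_unfiltered


def pct(n: int) -> Fraction:
    return Fraction(n, 100)


# Values taken from Table 3.
MASS = Campaign(1_000_000, pct(99), pct(3), pct(5), pct(50), 2_000, 2_000)
SPEAR = Campaign(1_000, pct(99), pct(70), pct(50), pct(50), 80_000, 10_000)

if __name__ == "__main__":
    for name, c in (("mass", MASS), ("spear", SPEAR)):
        print(f"{name:5s} victims={c.victims()} profit=${c.profit():,} "
              f"break-even block rate={float(c.break_even_block_rate()):.4%}")
```

Under these assumptions the spearphishing campaign stays profitable until the block rate exceeds roughly 99.93%, compared with roughly 99.87% for the mass campaign, so the same filter improvement hurts the mass sender first.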