White paper for Cisco Email Security Appliance X1070
Cisco Security White Paper
Email Attacks: This Time It’s Personal
Figure 3: Targeted Attack Message
Economics of Attacks
The economics of a typical campaign underscore the difference
between mass and targeted attack business models. As
a proxy, Table 3 compares the yield in the conversion pipeline
and the relative economics to the cybercriminal for a sample
mass phishing versus spearphishing attack:
Table 3. Economics of Mass Phishing vs. Spearphishing Attacks
For an individual campaign, the economics of a spearphishing
attack can be more compelling than for a mass attack. The
costs are significantly higher, but so too are the yield and
benefit. Cisco SIO estimates the costs of a spearphishing
attack at five times the cost of a mass attack, given the quality
of the list acquisition, botnet leased, email generation tools,
malware purchased, website created, campaign administration
tools, order processing back-end infrastructure, fulfillment
providers, and user background research activity required.
This significantly higher cost basis and greater effort require
highly specialized skills. They also require higher yields to
be effective.
Cybercriminals are balancing competing priorities: Infect
more users or keep the attack small enough to fly under
security vendors’ radar? Spearphishing attack campaigns are
limited in volume but offer higher user open and click-through
rates. With these constraints, cybercriminals are increasingly
focusing on business users with access to corporate banking
accounts, to make sure they’re seeing sufficient return per
infection. This is why the average value per victim can be
40 times that of a mass attack. Ultimately, this approach is
justified: Profit from a single spearphishing attack campaign
can be more than 10 times that of a mass attack.
From: XXXXXXXXXXXXXXX
Date: Wed, Jan 19, 2011
To: XXXXXXXXXXXXXXX
Subject: Commercial Litigation Subpoena

Through this document we hereby inform you of the
Litigation process started by XXXXXX Marketing
LLC against the company you represent. You are
required to produce the originals of all documents
and other items which are responsive, in
whole or in part, to any description set forth in
this "Subpoena Schedule," regardless of where
located, that are in your possession, custody, or
control, or in the possession, custody or control
of any of your partners, associates, employees,
agents, representatives, accountants, or attorneys,
along with all copies of any such document
which differ from the original by virtue of any
addition, deletion, alteration, notation, or
inscription on any part of the document, including
its back.

The complete list of the required documents can
be found at:
http://www.officialarticles.com/subpoena_files/
as well as the number of the complaint against
your company placed for copyright infringement on
12.21.2010 by the legal representative of XXXXXX
Marketing LLC. Failure to produce and present
the requested documents can display in fines
dictated by the court.

XXXXX XXXXXXX
Senior Attorney
XXXXXXX Law
| Example of a Typical Campaign | Mass Phishing Attack (Single Campaign) | Spearphishing Attack (Single Campaign) |
|---|---|---|
| (A) Total Messages Sent in Campaign | 1,000,000 | 1,000 |
| (B) Block Rate | 99% | 99% |
| (C) Open Rate | 3% | 70% |
| (D) Click Through Rate | 5% | 50% |
| (E) Conversion Rate | 50% | 50% |
| Victims | 8 | 2 |
| Value per Victim | $2,000 | $80,000 |
| Total Value from Campaign | $16,000 | $160,000 |
| Total Cost for Campaign | $2,000 | $10,000 |
| Total Profit from Campaign | $14,000 | $150,000 |
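The conversion pipeline in Table 3 can be recomputed and extended into a defender's sensitivity check: how high the block rate (B) must climb before a campaign stops paying for itself. This is an added example, not part of the white paper; the function and variable names are hypothetical, and the break-even figure assumes the other rates stay fixed and fractional victims are not rounded.

```python
from fractions import Fraction

# Parameters copied from Table 3; rates are whole percentages.
CAMPAIGNS = {
    "mass":  {"sent": 1_000_000, "block": 99, "open": 3, "click": 5,
              "convert": 50, "value_per_victim": 2_000, "cost": 2_000},
    "spear": {"sent": 1_000, "block": 99, "open": 70, "click": 50,
              "convert": 50, "value_per_victim": 80_000, "cost": 10_000},
}

def pct(n):
    """Exact fraction for a whole-number percentage (avoids float drift)."""
    return Fraction(n, 100)

def yield_per_delivered(c):
    """Victims per message that passes the filter: C * D * E."""
    return pct(c["open"]) * pct(c["click"]) * pct(c["convert"])

def expected_victims(c, block_rate=None):
    """Unrounded funnel output A * (1 - B) * C * D * E."""
    b = pct(c["block"]) if block_rate is None else block_rate
    return c["sent"] * (1 - b) * yield_per_delivered(c)

def table_row(c):
    """Reproduce the table's bottom rows; victims are rounded half-up."""
    victims = int(expected_victims(c) + Fraction(1, 2))
    total = victims * c["value_per_victim"]
    return {"victims": victims, "total_value": total,
            "profit": total - c["cost"]}

def break_even_block_rate(c):
    """Block rate B* where expected value equals cost (assumption: the
    other rates stay fixed and fractional victims are not rounded)."""
    value_if_unfiltered = (c["sent"] * yield_per_delivered(c)
                           * c["value_per_victim"])
    return 1 - Fraction(c["cost"]) / value_if_unfiltered

if __name__ == "__main__":
    for name, c in CAMPAIGNS.items():
        row = table_row(c)
        b_star = break_even_block_rate(c)
        print(f"{name:5s} victims={row['victims']} "
              f"profit=${row['profit']:,} "
              f"break-even block rate={float(b_star):.4%}")
```

Under this model the mass campaign breaks even at a block rate of about 99.87% and the spearphishing campaign at about 99.93%, so with the table's figures the targeted campaign remains profitable against a filter that would already make the mass campaign a loss.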