Mark Dalby

A report released Thursday by Cisco confirms what may have become fairly obvious to security professionals and industry followers over recent months: Cybercriminals are scrapping widespread malicious email campaigns for more targeted attacks.

“Cybercriminals are balancing competing priorities,” the report said. “Infect more users or keep the attack small enough to fly under security vendors’ radar.”

One side appears to be winning out. The Cisco white paper, “Email Attacks: This Time it’s Personal,” reveals a dramatic drop in profits accrued by crooks who launch traditional attacks, such as delivering malware-laden or phishing emails.

The U.S. point person for one of the largest phishing rings ever to be brought down has been sentenced to 11 years in prison for his part in stealing more than $ 1 million from victims.

Kenneth Lucas II, 27, of Los Angeles who led the U.S. arm of a global phishing operation that resulted in more than 100 arrests in 2009, previously pleaded guilty to 49 counts of bank and wire fraud, aggravated identity theft, computer fraud and money laundering conspiracy.

The takedown, codenamed “Operation Phish Phry,” remains one of the largest cybercrime busts in history, according to the FBI. About 50 individuals from California, Nevada and North Carolina, in addition to another 50 Egyptian citizens, were charged.

A Los Angeles man has been sentenced to a total of 13 years in jail after being found guilty of leading an international phishing operation, and growing marijuana on an industrial scale in his house.

27-year-old Kenneth Joseph Lucas II was sentenced after judges found the Los Angeles man guilty of leading the US branch of an international phishing operation that stole banking login details through spam email and bogus websites.

In addition, Lucas found himself on the wrong side of the law for growing more than 100 marijuana plants in his home, in a set-up which included an irrigation system, fans, indoor lighting and ventilation. He was clearly proud of his industrial scale marijuana operation as he posted videos on YouTube showing off his set-up.

Reports that cybercriminals have been hosting their IT resources on Amazon’s cloud systems have been around for a while, but now it appears that hackers are using the Google Docs platform, according to Mikko Hypponen, chief researcher with F-Secure.

According to Hypponen, because spreadsheets can contain a variety of functionality, even to the extent of interactive forms, it seems that cybercriminals are now hosting these on the Google Docs system.

Examples, he notes in his latest security blog, include several being hosted on spreadsheets.google.com. These are, he says, quite nasty attacks, as the phishing pages are hosted on the real Google.com, complete with a valid SSL certificate. The problem is now, adds Hypponen, how to identify a Google Docs file as a potential phishing exploit. In an example cited, he says that – initially at least – “the page obviously looks like phishing: it’s hosted on the public spreadsheets.google.com server where anyone can host forms.”