Cybercriminals' Return on Investment Exceeds 100%
Posted by: Timothy Weaver on 06/10/2015 10:24 AM
New research has quantified cybercriminals' spending and found that the average cybercriminal can expect a 1,425 percent return on investment (ROI).
Here is a sample case: a criminal could invest $3,000 to use ransomware, specifically CTB Locker, for one month, and then invest an additional $2,900 in the infection vector, traffic acquisition and daily encryption, bringing the total cost of a one-month malware campaign to $5,900.
Say the cybercriminal can infect 10% of the visitors to a web site and get 0.5 percent of them to pay a $300 ransom over the course of 30 days. That would gross the criminal $90,000, or a net of $84,100 in profit and a 1,425 percent ROI.
Charles Henderson, vice president of managed security testing at Trustwave, said: “[This percentage] shows you and quantifies [cyber criminals'] motivation. The criminal enterprise around cybercrime is absolutely a big business, and it is focused, as well as refined, around numbers.”
Trustwave's study also looked at data breaches and remediation. It found that 81 percent of victims did not detect a breach themselves. A majority of the time, regulatory bodies, card brands or banks detected the compromised system and information.
As to ease of hacking, the study found that "password1" was still the most common business password.
Source: SCMagazine
