If it seems like you are hearing about more hacks, data breaches, viruses, malware, cyberattacks and identity theft these days, it's because there are more incidents than ever. Yes, cybercrime is indeed on the rise. That's probably because people are putting more of their life and finances online with each passing year. In other words, there are just many more targets for hackers to attack.
These threats are far from a secret. Software companies, gadget manufactures, banks, retailers and even hospitals and schools are locked in an arms race with hackers to constantly plug up security holes. Meanwhile, clever hackers push the envelope coming up with innovative new ways to trick people out of money and information. Sadly, far too many of us make it far too easy for crooks to have their way.
Advanced hackers are making tools that let intermediate or even beginning hackers pull off tough jobs. That means more hackers with advanced tools are swarming the Internet, so chances good that are sooner or later you will be a target.
But even as easy as it may seem, cybercrime is not without risks to the crooks. Earlier I told you about one identity thief sent to prison but not before stealing $1.4 million. Or the Alabama woman accused of a $335,000 scam over two years. For all the work and the danger involved, you might expect that there must be a reward payout that makes the risks of breaking the law worth it. And it turns out there is.
A security research firm called Trustwave did a detailed analysis of how much hacker tools cost on the black market vs. how much a hacker can make with them. When you see these numbers, you might be tempted to consider a life of cybercrime.
According to DarkReading.com, here's Trustwave's breakdown a typical hacker ransomware campaign. As a reminder, ransomware is a virus that locks your computer files so you can't open them until you pay a ransom. Learn how to defeat ransomware before it starts.
Anyway, in Trustwave's investigation, it found:
- Costs of a ransomware payload (CTB Locker in this example), infection vector (RIG exploit kit, which was most common), camouflaging services (encryption), and traffic (20,000 visitors) totaled $5,900 per month.
- Earnings for a 30-day campaign, assuming a 10 percent infection rate, a payout rate of 0.5 percent, and a $300 ransom, would total $90,000.
- That's a profit of $84,100 and a ROI of 1,425 percent.
Let's just take another look at those last figures: $84,100 net revenue for a 1,425% return on investment! And that's just for a single 30-day campaign. I would say, "sign me up," but there's still that pesky problem of breaking the law.
That isn't to say every hacker makes this much money or in the same way. Trustwave found that there are two kinds of hackers.
Opportunistic hackers do anything and everything to make money. They jump at whatever chance they see. They're also the ones who make money setting up exploits for other hackers.
Then there are the targeted hackers that have one particular method and area of interest, and they stick to it. They make money attacking certain targets or taking information exposed by opportunistic hackers and selling it or using it to scam people.
Does this insight into the hacker world make it more or less scary to you? Please let me know in the comment section below.