Examining the low cost of cybercrime

If you want to know why attackers are able to outflank CISOs take a look at the latest annual underground hacker market from Dell SecureWorks, which lists average prices data and services offered around the world. It shows how cheap it is to get into business.

It costs only $500 (all prices U.S.) to hire someone to crack a corporate mailbox, or $129 to break into a Gmail/Yahoo account. To break into a Web site a service charges $350. For $90 you can get a victim’s IP address.

A so-called Fullz (full information package) on a Canadian, likely from stolen data, with name, address, credit card information, date of birth and more runs a mere $20 — down from $35 to $45 in 2014.

A remote access Trojan runs between $5 and $10. An Angler exploit kit will cost between $100 and $135.

Denial of service attacks are charged by the clock: $5 to $10 an hour, $30-$55 a day or $200 – $555 a week.

And for those who don’t know what they’re doing, tutorials are available for between $20 and $40.

These rental services — and promises of good customer support like round the clock support in some cases and satisfaction-guaranteed-or-your-money-back promises — are the biggest reason why CISOs shouldn’t expect to see a decline in the number and variety of attacks on their organizations any time soon.

Small wonder a former Scotland Yard cyber crime expert was quoted as saying there’s almost no hope for security on Internet. “We have been talking about this for years and the fundamental dichotomy relates to funding and collaboration. The miscreants are light years ahead of the Internet security community in terms of their R&D budgets and the maturity of their marketing and sales operations.”

What do CISOs need to do? Dell has a long list of suggestions, which boil down to a full data protection strategy. Number one on the list is teaching employees spot computer security threats, particularly spear phishing.

Also advocated is mandating the use of two-factor authentication for all remote access solutions and for all company employees and business partners authorized to access the corporate network.

Limiting the number of people who have administration accounts and access to sensitive data, of course, is on the list.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now