For less than the cost of a week’s groceries, you too can be a cybercriminal

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.csoonline.com/article/2457448/malware-cybercrime/for-less-than-the-cost-of-a-week-s-groceries-you-too-can-be-a-cybercriminal.html

It’s fairly common when discussing the cost of things to compare it to
other items people commonly buy. Commercials for charities often state that
donating costs less than a cup of coffee per day, and many tech articles
cite cost in terms of a visit to Starbucks (apparently coffee is a useful
theme for comparison). A new infographic from Trustwave illustrates how
much bad guys are paying for malware kits compared to ordinary things you
might spend money on.

The sad fact is that you don’t have to be a coding genius to be a
cybercriminal. You don’t have to know how to discover vulnerabilities, or
craft custom exploits. Shady characters can simply shop for a malware kit
that makes executing a malware attack about as simple as operating a
microwave oven.

There is an underground black market for these sorts of malware kits.
Trustwave researchers did some digging to find out how much it costs to
acquire certain well-known malware kits, and they were shocked to find out
just how cheap it can be to get into the cybercrime business.

For less than the cost of a decent tablet like the Amazon Kindle Fire HDX,
or the Google Galaxy Nexus, you can buy the Neutrino Bot malware kit
online. For about the same cost as buying a flagship smartphone like the
iPhone 5s without a carrier subsidy, you can buy the Betabot Remote Access
Trojan. If you want to spend as much as an average 7-day cruise for one
person, you can move up to the Stoned Cat Bot mobile malware kit.

The average cost of a data breach for an organization is estimated to be
$3.5 million. That data breach can be executed by an attacker with a couple
hundred dollars—sitting in his underwear in his living room and checking a
few boxes in a malware kit.

This is what businesses and consumers are up against. This is why it is
more important than ever to have the right processes and tools in place to
protect your network and devices. It is even more imperative to educate
users and maintain awareness of security trends and emerging attacks.

If an attacker can spend as little as $200 to execute an attack that could
cost your organization $3.5 million, you’d better put some very serious
consideration into how much you want to invest in defending against that
attack.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!