One of the reasons cybercrime is so prevelant is that you don’t actually have to be a skilled hacker any more.  There is a whole black market of denial-of-service attacks, ransomware, and exploit kits for sale – with an hour long DDoS attack starting at just $10.  One service called BlackTDS will even run the malware campaigns and spam advertisements on a hosted server for would be hackers who don’t have the equipment or expertise to do it themselves.

This online shopping portal for criminals ranges from the $10 attack to $500 exploit kits, and pricier banking Trojans which start at $3,000.  Even the higher priced malware is a bargain when you consider that a single ransom payment could be many times the cost if the data is valuable enough that the target will pay to regain access to it.  Lists of potential targets are also sold in these portals, and hackers can get very specific as in “law firms in New England” or “insurance agencies in the Southwest with 10-50 staff” based on who they feel will be the best fit for their campaigns, or fit the profile for the data they want to steal.

Data is the real pay off.  Even if you pay the ransom, if the exploit copied your data back to the hacker(s), they can go back to the dark web and sell it.  Credit card numbers are generally valued at around $10, but the value decreases quickly the longer they are on the site as fraud may be detected and the cards deactivated.  Personal information that can be used to steal someone’s identity and open new accounts is much more valuable as most consumers don’t have monitoring in place to be aware of the new accounts for months.

Understanding these threats is the first step to protecting your organization.  We can help you understand your level of risk and steps to minimize it.

Website | + posts

Sign up for our Newsletter

Receive weekly emails for the latest cybersecurity news

Expand your team with Foresite

Enterprise-level cybersecurity and risk management for mid-sized businesses. Prioritize your security tasks and reduce the complexity of cybersecurity.