Rapidly Changing Cybersecurity Economics Create Need to Push Battle into the Cloud

Version imprimable, PDF et e-mail

One of the primary reasons there are so many cyberattacks is thanks to automation the cost of launching a cyberattack is nominal. In fact, it may be approaching zero.

A new report from Armor, a provider of managed security services, details what cybersecurity professionals are up against. An analysis of tools found on the DarkWeb and various underground markets include:

  • A service for launching a distributed denial of service (DDoS) attack that costs $10 an hour.
  • A Disdain exploit kit frequently used to launch “malvertising” attacks can be rented for $80 a day, $500 a week or $1,400 a month.
  • A password stealer based on exploit kits such as Stegano can be had for $50.
  • Remote access to a machine via Remote Desktop Protocol (RDP) for three months costs $35.
  • Access to a Blow-bot botnet, which includes webinject and other capabilities, ranges from $750 to $1,200 a month. Support services cost an extra $100 or $150 a month.
  • Microsoft Office exploit builder that targets CVE-2017-1099 are selling for as much as $1,000.
  • A banking trojan license could be purchased for $3,000 to $5,000.

Based on the going rates for various types of data being stolen the report suggests it doesn’t take very long for cybercriminals to recoup their investment. Examples of the going rates for various types of data include:

  • Credit cards from Visa, American Express and Master Card are sold for as little as $10.
  • PayPal and bank account credentials range from $200-$1,000.
  • Hotel and airline points sell for roughly $30 – $150.
  • U.S. Green Cards, driver’s licenses, insurance information, passports and Visas are bundled for $2,000.

It’s clear that cybercrime has become an industry on to itself. Hackers with even the most nominal of IT skills can be employed to launch massive attacks. Much of that criminal activity is now organized by individuals that clearly are willing to plow profits back into their business. Cybersecurity professionals should assume that organized cybercrime syndicates already have access to advanced machine learning algorithms, many of which may have been provided by nation states that have contracted their services.

There’s very little cybersecurity professionals can do to disrupt that criminal activity. But it does help explain why now it only takes a few minutes for cybercriminals to discover and exploit a vulnerability left unpatched. In fact, cybersecurity professionals are now in nothing less than a race to discover those vulnerabilities first. But if that vulnerability has existed for more than hour or so they also need to assume that vulnerability has not only already been compromised, the malware deposited has begun moving laterally across the organization.

Most cybersecurity professionals are being outmanned and out automated. Click To Tweet

The truth of the matter, however, is that most cybersecurity professionals are being outmanned and out automated. Organized crime has created what amounts to an instance of a “Gig Economy” for hackers leveraging automated bots capable of distributing attacks around the world in minutes. The only effective response is for cybersecurity professionals to invest in automation infused by machine and deep learning algorithms of their own. The issue is those algorithms require access to massive amounts of data to be effective. That volume of data can only be cost-effectively aggregated in a cloud service. In effect, the cloud is rapidly becoming both the first and last line of defense for detecting and blocking threats. Because of the tools available to cybercriminals everything beyond that cloud line is becoming too vulnerable to effectively defend.

Military professionals know that any battle fought within the borders of your country inflicts higher civilian casualties and economic damage than a battle fought beyond them. The same is true for cybersecurity. If that battle is being waged at the network perimeter, chances are high damage is going to be incurred. Going forward, cybersecurity is going to depend on fighting and winning as many battles as possible in the cloud long before a cyberattack ever gets the chance to reach the network perimeter.


Remonter en haut de page