November 25, 2014

The Hackers’ Bounty: How Much Do Cybercriminals Make from Innocent Victims?

The Hackers’ Bounty: How Much Do Cybercriminals Make from Innocent Victims?

Woburn, MA – November 25, 2014 - Cybercriminals could be raking in profits 20 times greater than the cost of their attacks, according to figures compiled by Kaspersky Lab experts. Their research compared the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation.

"Buying malware is currently not a problem: it’s easy to find them on various hacker forums, and they are relatively cheap, making them attractive. A cybercriminal following this illegal path doesn’t even need any skills – for a fixed price they can get an off-the-peg package to launch their attacks at will. As a result, users need to be especially careful to ensure they don’t lose their money or data. They should also protect their devices and all online operations performed on them, using a specialized solution such as Kaspersky Internet Security - multi-device,” says Alexander Gostev, Chief Security Expert at Kaspersky Lab.

For example, creating a phishing page to mimic a popular social network and setting up a spam mass mailing linking to the fake site currently costs an average of $150. However, if the attackers catch 100 people on their phishing page, they can net up to $10,000 by selling the sensitive data. The victims, in turn, lose their valuable contacts, personal photos and messages.

A mobile Trojan blocker is much more expensive. Today it costs $1,000 on average to buy and distribute the malware; however, the "payoff" is also much higher. The prices that the attackers set for unblocking a smartphone vary from $10 to $200, which means that from 100 potential victims they can make up to $20,000.

The same sum can be earned by using encrypting ransomware, but the "initial investment" will be twice as high - about $2,000. The attackers’ losses will also be higher because the minimum sum of the ransom requested by cybercriminals for decrypting the data is usually $100.

To really hit the jackpot, cybercriminals are look for banking Trojans that target money directly. After spending about $3,000 on the malware, the exploit and a spam mailing to spread the Trojans around, cybercriminals could scoop up to $72,000. The average loss of an individual victim is about $722.

For a visual of this research, please find an infographic in the Kaspersky Internet Security Center.

About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contacts
Sarah Bergeron

781.503.2615

Sarah.bergeron@kaspersky.com