It’s fairly common when discussing the cost of things to compare them to other items people commonly buy. Commercials for charities often state that donating costs less than a cup of coffee per day, and many tech articles cite cost in terms of a visit to Starbucks (apparently coffee is a useful theme for comparison). A new infographic from Trustwave illustrates how much bad guys are paying for malware kits compared to ordinary things you might spend money on.
The sad fact is that you don’t have to be a coding genius to be a cybercriminal. You don’t have to know how to discover vulnerabilities, or craft custom exploits. Shady characters can simply shop for a malware kit that makes executing a malware attack about as simple as operating a microwave oven.
There is an underground black market for these sorts of malware kits. Trustwave researchers did some digging to find out how much it costs to acquire certain well-known malware kits, and they were shocked to find out just how cheap it can be to get into the cybercrime business.
For less than the cost of a decent tablet like the Amazon Kindle Fire HDX or the Google Galaxy Nexus, you can buy the Neutrino Bot malware kit online. For about the same cost as buying a flagship smartphone like the iPhone 5s without a carrier subsidy, you can buy the Betabot Remote Access Trojan. If you want to spend as much as an average 7-day cruise for one person, you can move up to the Stoned Cat Bot mobile malware kit.
The average cost of a data breach for an organization is estimated to be $3.5 million. That data breach can be executed by an attacker with a couple hundred dollars—sitting in his underwear in his living room and checking a few boxes in a malware kit.
This is what businesses and consumers are up against. This is why it is more important than ever to have the right processes and tools in place to protect your network and devices. It is even more imperative to educate users and maintain awareness of security trends and emerging attacks.
If an attacker can spend as little as $200 to execute an attack that could cost your organization $3.5 million, you’d better put some very serious consideration into how much you want to invest in defending against that attack.