Attackers’ RoI Over 1,400%: Report

Wednesday, June 10, 2015 @ 01:06 PM gHale

While law enforcement is starting to catch on to cyber crime, being a bad guy does have a big return on investment (RoI).

If you look at Trustwave’s latest survey, entitled “2015 Global Security Report,” it is easy to extract a whopping 1,400 percent return.

The security company created a sample case study for the average attack. In the scenario, a bad guy could invest $3,000 to lease some ransomware, like CTB Locker, for one month and then invest an additional $2,900 on the infection vector, traffic acquisition and daily encryption, bringing the cost of a one-month malware campaign up to $5,900.

Then, under the assumption that the attacker can infect 10 percent of visitors to a chosen target website and successfully get 0.5 percent of them to pay a $300 ransom over the course of 30 days, the criminal could take in $90,000. This comes out to $84,100 in profit and a 1,425 percent RoI.

Trustwave’s study also found 81 percent of victims did not detect a breach themselves. A majority of the time, regulatory bodies, card brands or banks detected the compromised system and information. In 12 percent of cases, law enforcement detected the breach first.

Some other facts from the study:
• 86 days was the median length it took to detect a breach
• 111 days was the median length of a breach, from intrusion to containment
• “Password1” was still the most common password
• 39 percent of passwords were eight characters long
• It takes one day to crack an eight-character password
• It takes 591 days to crack a ten-character password
