What is the real motivation for a cyber crime? Is it thrill or someone wanting to make a statement or is it pure economic motivation? If you take a look at the ‘2015 Trustwave Global Security Report’, which was released recently, you would find that cyber criminals are raking in huge money by running infection campaigns.
The report documents that attackers launching a malware infection campaign could expect to earn a breathtaking 1,425% return on investment (ROI) – or $84,000 in revenue over a period of just 30 days.
To calculate the average ROI that can be obtained by the manager of an infection campaign, Trustwave researchers accounted for four primary attack ingredients widely available for sale in underground web forums – and then what their cost would be to purchase and use over a month
This consisted of:
1. The payload (such as ransomware or a trojan),
2. The infection vector (typically automated emails that lead to an exploit kit),
3. The stolen web traffic (visitors to compromised websites redirected to the exploit kit) and
4. The encryption functionality (to hide the payload from anti-virus detection).
Trustwave researchers then tabulated what criminals should expect to gain by fleecing their victims, based on market estimates.
Finally, the researchers tallied the damage to derive an estimated ROI that the campaign’s owner could be expected to take home over a 30-day period.
Cyber crime is a proper business
Trustwave says that calling it a racket fails to allot enough credit to the professionalism and orchestration of these heists. Cyber criminals think just like a business does. Just like a business, they also think ‘How do you grow your revenue? Which marketing campaigns must you invest in? Cyber criminals think of collecting the best ROI from their investments, and from current standards, the ROI is huge.