Cyber criminals could be earning as much as 20 times more than the cost of their attacks, according to figures compiled by Kaspersky Lab.
In its research, the vendor of software security products compared the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation.
“Buying malware is currently not a problem: it’s easy to find them on various hacker forums, and they are relatively cheap, making them attractive.”
“A cyber criminal following this illegal path doesn’t even need any skills – for a fixed price they can get an off-the-peg package to launch their attacks at will,” said Alexander Gostev, chief security expert at Kaspersky Lab.
The group noted that creating a phishing page to mimic a popular social network and setting up a spam mass mailing linking to the fake site currently costs an average of $150.
However, if the users catch 100 people they can net up to $10,000 by selling sensitive data. The victims, in turn, lose their valuable contacts, personal photos and messages.
A mobile Trojan blocker is far more expensive – today it costs $1,000 on average to buy and distribute the malware. However, the “payoff” is also much higher. The prices that the attackers set for unblocking a smartphone vary from $10 to $200 which means that from 100 potential victims they can get up to $20,000.
The same sum can be earned by using encrypting ransomware but the “initial investment” will be twice as high – about $2,000. The users’ losses will be also higher because the minimum sum of the ransom requested by the fraudsters for decrypting the data is usually $100, Kaspersky Lab said.
To really hit the jackpot, fraudsters look for banking Trojans that target money directly. After spending about $3,000 on the malware, the exploit and a spam mail to spread them around, cyber criminals could scoop up to $72,000. The average loss of an individual victim is $722, Kaspersky Lab’s research found.