Most of us most probably think that people committing Cyber Crime make a lot of money. The contrary seems to be the case. Looking at Report: Most cybercriminals earn $1,000 to $3,000 a month it seems that the income is fairly minimal.
There is one statement in there, which I would challenge:
In many ways, the cybercrime organizations mirror traditional mafia groups
This is rarely what I see or experience but the rest seems plausible.
Besides this being an interesting piece of information, the questions raise, what does this mean for us? There are two possible conclusions we can draw:
- Our defenses are so good that the cost of getting into our networks is so high that this is all which is left at the end
- Our defenses are so bad that the market does not allow to sell the services for more money.
I would go for the second point as I think – looking at the most recent successful attacks – that in a lot of cases it does not take a lot to get in. With things like Yahoo confirms massive data breach affecting 500 million accounts how much can these accounts be worth? And most of these low level attacks (not knowing the details at Yahoo) can be prevented by just typical hygiene measures and not by sophisticated defenses.
Therefore, I think it is too late to get into this market – it is broken already. I guess, I will have to stay, where I am (I would be a bad criminal anyway)
- Verizon could seek discount in buying Yahoo, analysts say (sfgate.com)
- Yahoo hack: The ‘Exxon Valdez of security breaches’ (foxnews.com)
- Yahoo reports a billion breached accounts (thenextweb.com)
- LA County email hack exposes data of 750,000 people (mashable.com)