It may not be fair, but cyber crime is cheap. How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

The low cost of cyber crime is one of the reasons the number of incidents has increased. This should raise the concern of any business or organization with an online presence. Let’s unpack how companies can protect themselves.

They’ve all gone phishing

Phishing has become more popular than ever. According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG).

The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are so cheap.

Anyone can get a phishing kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit totaled $304, with the prices ranging between $20 and $880.

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums.

Average cost of a ransomware attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Before you quit your day job to become a threat actor, be aware that the law is also ramping up investigative efforts. There’s even some evidence that the FBI can now track and recover funds paid for in cryptocurrency.

Bigger, more sophisticated threats

While ransomware makes the headlines, other, more sophisticated attacks reveal just how far threat actors will go to steal from you. Consider the case of Evaldas Rimasauskas, who, along with his co-conspirators, set up an actual company in Lithuania to mimic Quanta Computer, a Taiwan-based business partner of Google and Facebook.

From there, the imposter company sent phishing emails with fake invoices attached. Before they got caught, they fooled Google and Facebook into paying more than $100 million to bank accounts in Latvia and Cyprus.

Ransomware prevention

Cyber crime continues to increase in scope and depth. Inexpensive phishing attacks lead to higher attack volumes. And phishing accounts for ransomware infections 42% of the time. Another 42% of ransomware attacks occur via exposed remote desktop protocol (RDP) services. RDP service attacks use brute force, weak credentials or phishing to gain access to legitimate usernames and passwords.

Due to the sheer volume and sophistication of attacks, piecemeal security measures are increasingly inadequate. That’s why security experts have also been hard at work to provide viable and effective solutions.

One way organizations are responding is by moving towards a zero trust approach. We can think of it this way: when someone rings your doorbell at home, you check to see who it is before you open the door. Zero trust runs on the same basic premise. Every user, device and connection must be verified, every time.

Zero trust

As the threat landscape becomes more treacherous, better defenses are required. Zero trust incorporates some of the most advanced security methods to keep the growing tsunami of attacks at bay. Some of the methods used in zero trust strategies include:

  • Encrypt and back up your most valuable data
  • Embed artificial intelligence with analytics and deep learning for proactive protection and more accurate detection
  • Add threat response automation and analysis for a faster response
  • Collaborate with hundreds of thousands of users to detect and alert about emerging threats and vulnerabilities as early as possible
  • Identity Access Management (IAM) – Centralized workforce and consumer identity and access management in a single, cloud-native identity solution
  • Secure access service edge (SASE) – A framework that converges network and network security functions into a single cloud service model. Helps authenticate and authorize users anytime, anywhere using a least privilege model.

Fear the future or seize the day?

While no business enjoys having to deal with growing security concerns, modern solutions can also enhance business function. If we take a closer look at SASE, we can see how this win-win scenario unfolds.

Since companies need anytime, anywhere access from any device for their users and third parties, organizations are moving away from virtual private networks. We all want low latency and seamless user experiences. Reliable, real-time context and secure application access to the public cloud are critical for IT and business teams today. This is made possible by SASE, which, in turn, beefs up security.

So yes, threat actors are busier than ever. They have access to cheap attack methods, or they cook up complex schemes. But solid, robust security responses exist as well. They can even be good for business in many other ways. And that’s good news.

More from Risk Management

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today