It may not be fair, but cyber crime is cheap. How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

The low cost of cyber crime is one of the reasons the number of incidents has increased. This should raise the concern of any business or organization with an online presence. Let’s unpack how companies can protect themselves.

They’ve All Gone Phishing

Phishing has become more popular than ever. According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG).

The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are so cheap.

Anyone Can Get a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit totaled $304, with the prices ranging between $20 and $880.

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums.

Average Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Before you quit your day job to become a threat actor, be aware that the law is also ramping up investigative efforts. There’s even some evidence that the FBI can now track and recover funds paid for in cryptocurrency.

Bigger, More Sophisticated Threats

While ransomware makes the headlines, other, more sophisticated attacks reveal just how far threat actors will go to steal from you. Consider the case of Evaldas Rimasauskas, who, along with his co-conspirators, set up an actual company in Lithuania to mimic Quanta Computer, a Taiwan-based business partner of Google and Facebook.

From there, the imposter company sent phishing emails with fake invoices attached. Before they got caught, they fooled Google and Facebook into paying more than $100 million to bank accounts in Latvia and Cyprus.

Ransomware Prevention

Cyber crime continues to increase in scope and depth. Inexpensive phishing attacks lead to higher attack volumes. And phishing accounts for ransomware infections 42% of the time. Another 42% of ransomware attacks occur via exposed remote desktop protocol (RDP) services. RDP service attacks use brute force, weak credentials or phishing to gain access to legitimate usernames and passwords.

Due to the sheer volume and sophistication of attacks, piecemeal security measures are increasingly inadequate. That’s why security experts have also been hard at work to provide viable and effective solutions.

One way organizations are responding is by moving towards a zero trust approach. We can think of it this way: when someone rings your doorbell at home, you check to see who it is before you open the door. Zero trust runs on the same basic premise. Every user, device and connection must be verified, every time.

Zero Trust

As the threat landscape becomes more treacherous, better defenses are required. Zero trust incorporates some of the most advanced security methods to keep the growing tsunami of attacks at bay. Some of the methods used in zero trust strategies include:

  • Encrypt and back up your most valuable data
  • Embed artificial intelligence with analytics and deep learning for proactive protection and more accurate detection
  • Add threat response automation and analysis for a faster response
  • Collaborate with hundreds of thousands of users to detect and alert about emerging threats and vulnerabilities as early as possible
  • Identity Access Management (IAM) – Centralized workforce and consumer identity and access management in a single, cloud-native identity solution
  • Secure access service edge (SASE) – A framework that converges network and network security functions into a single cloud service model. Helps authenticate and authorize users anytime, anywhere using a least privilege model.

Fear the Future or Seize the Day?

While no business enjoys having to deal with growing security concerns, modern solutions can also enhance business function. If we take a closer look at SASE, we can see how this win-win scenario unfolds.

Since companies need anytime, anywhere access from any device for their users and third parties, organizations are moving away from virtual private networks. We all want low latency and seamless user experiences. Reliable, real-time context and secure application access to the public cloud are critical for IT and business teams today. This is made possible by SASE, which, in turn, beefs up security.

So yes, threat actors are busier than ever. They have access to cheap attack methods, or they cook up complex schemes. But solid, robust security responses exist as well. They can even be good for business in many other ways. And that’s good news.

More from Incident Response

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Expert Insights on the X-Force Threat Intelligence Index

5 min read - Top insights are in from this year’s IBM Security X-Force Threat Intelligence Index, but what do they mean? Three IBM Security X-Force experts share their thoughts on the implications of the most pressing cybersecurity threats, and offer guidance for what organizations can do to better protect themselves. Moving Left of Boom: Early Backdoor Detection Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, sat down with Security Intelligence to chat with us about the rise in the deployment…

5 min read

How Morris Worm Command and Control Changed Cybersecurity

4 min read - A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Control (C2 or C&C) infrastructure. The number of C2 servers used for launching cyberattacks increased by 30% in 2022. More than 17,000 of these servers were detected last year,…

4 min read