It may not be fair, but cyber crime is cheap. How cheap? You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

The low cost of cyber crime is one of the reasons the number of incidents has increased. This should raise the concern of any business or organization with an online presence. Let’s unpack how companies can protect themselves.

They’ve All Gone Phishing

Phishing has become more popular than ever. According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG).

The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are so cheap.

Anyone Can Get a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit totaled $304, with the prices ranging between $20 and $880.

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums.

Average Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Before you quit your day job to become a threat actor, be aware that the law is also ramping up investigative efforts. There’s even some evidence that the FBI can now track and recover funds paid for in cryptocurrency.

Bigger, More Sophisticated Threats

While ransomware makes the headlines, other, more sophisticated attacks reveal just how far threat actors will go to steal from you. Consider the case of Evaldas Rimasauskas, who, along with his co-conspirators, set up an actual company in Lithuania to mimic Quanta Computer, a Taiwan-based business partner of Google and Facebook.

From there, the imposter company sent phishing emails with fake invoices attached. Before they got caught, they fooled Google and Facebook into paying more than $100 million to bank accounts in Latvia and Cyprus.

Ransomware Prevention

Cyber crime continues to increase in scope and depth. Inexpensive phishing attacks lead to higher attack volumes. And phishing accounts for ransomware infections 42% of the time. Another 42% of ransomware attacks occur via exposed remote desktop protocol (RDP) services. RDP service attacks use brute force, weak credentials or phishing to gain access to legitimate usernames and passwords.

Due to the sheer volume and sophistication of attacks, piecemeal security measures are increasingly inadequate. That’s why security experts have also been hard at work to provide viable and effective solutions.

One way organizations are responding is by moving towards a zero trust approach. We can think of it this way: when someone rings your doorbell at home, you check to see who it is before you open the door. Zero trust runs on the same basic premise. Every user, device and connection must be verified, every time.

Zero Trust

As the threat landscape becomes more treacherous, better defenses are required. Zero trust incorporates some of the most advanced security methods to keep the growing tsunami of attacks at bay. Some of the methods used in zero trust strategies include:

  • Encrypt and back up your most valuable data
  • Embed artificial intelligence with analytics and deep learning for proactive protection and more accurate detection
  • Add threat response automation and analysis for a faster response
  • Collaborate with hundreds of thousands of users to detect and alert about emerging threats and vulnerabilities as early as possible
  • Identity Access Management (IAM) – Centralized workforce and consumer identity and access management in a single, cloud-native identity solution
  • Secure access service edge (SASE) – A framework that converges network and network security functions into a single cloud service model. Helps authenticate and authorize users anytime, anywhere using a least privilege model.

Fear the Future or Seize the Day?

While no business enjoys having to deal with growing security concerns, modern solutions can also enhance business function. If we take a closer look at SASE, we can see how this win-win scenario unfolds.

Since companies need anytime, anywhere access from any device for their users and third parties, organizations are moving away from virtual private networks. We all want low latency and seamless user experiences. Reliable, real-time context and secure application access to the public cloud are critical for IT and business teams today. This is made possible by SASE, which, in turn, beefs up security.

So yes, threat actors are busier than ever. They have access to cheap attack methods, or they cook up complex schemes. But solid, robust security responses exist as well. They can even be good for business in many other ways. And that’s good news.

More from Incident Response

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that…

Alert fatigue: A 911 cyber call center that never sleeps

4 min read - Imagine running a 911 call center where the switchboard is constantly lit up with incoming calls. The initial question, “What’s your emergency, please?” aims to funnel the event to the right responder for triage and assessment. Over the course of your shift, requests could range from soft-spoken “I’m having a heart attack” pleas to “Where’s my pizza?” freak-outs eating up important resources. Now add into the mix a volume of calls that burnout kicks in and important threats are missed.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today