Global Security Report – Cybercrime is big business. We hear it so often that the words threaten to lose their impact. But the details still have the capacity to shock.
In last year’s report, Trustwave demonstrated how attackers launching a malware infection campaign could expect to earn a breathtaking $84,100 in profit from an initial investment of just $5,900—an ROI of 1,425% – in just 30 days.
In parts of the world where many attacks originate, the prospect of that kind of money can mean a trip out of poverty to a life of riches and glamour. Small wonder, then, that investigating cybercrime reveals something that looks very much like… a business.
The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones. Developers create tools that they sell or rent to customers through online black markets, complete with sales, money back guarantees, and reputation systems to provide customers with assurances that they won’t get ripped off. As enterprise software vendors have increasingly moved to the cloud, so too have malware vendors.
Where once prospective cybercriminals bought exploit kits as packaged software, today they pay for access to a central server administered by the exploit kit maker, who keeps it stocked with the freshest exploits and all the tools one needs to exploit thousands of unsuspecting computers. Malware-as-a-service. Understanding the motivations and resources of professional cybercriminals is key to defending against them.
In that spirit, we present the 2016 Global Security Report. In these pages, they have collected and organized statistics and analysis that Trustwave researchers have gathered from around the world, from breach investigations, incident reports, vulnerability research, and telemetry from products and services.
It provides information about data compromise incidents, vulnerabilities and exploits, attacks on web platforms, threats delivered through the web and email, and a range of other important and timely security topics. For an extra look at some of the internals of the cybercrime business, be sure to check out our special sections on malvertising and on attacks targeting the software supply chain.
If cybercrime is a business, you can consider this report your guide to its business plan. Use it to learn more about what the criminals are doing now, what they may do in the future, and the steps you can take to keep them away.
Download the REPORT HERE