Symantec Estimates Cybercrime Economy At $276 Million - InformationWeek
IoT
IoT
Government // Cybersecurity
News
11/21/2008
07:26 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Symantec Estimates Cybercrime Economy At $276 Million

However, the potential value of the credit card information and bank account credentials being sold, if criminally exploited to its maximum potential, could reach $7 billion.

Not every industry is suffering from a financial meltdown, apparently.

More than $276 million worth of cybercrime goods and services were advertised online between July 1, 2007 and June 30, 2008, according to Symantec.

The security company's report on the underground cybercrime economy, to be released on Monday, finds that stolen data and crime tools are widely available and quite affordable.

The $276 million figure is the amount the cybercriminals would get if they sold everything at advertised prices.

Symantec estimates that the potential value of the credit card information and bank account credentials being sold, if criminally exploited to its maximum potential, would reach $7 billion.

Stolen credit card information accounts for 59% of that $276 million.

Symantec spotted 69,130 unique advertisers among some 44 million messages posted on underground economy servers.

Ninety-eight percent of such servers have a lifespan of less than six months. Forty-one percent were hosted in the United States and 13%, the second-largest percentage, were hosted in Romania.

The most expensive attack tool, Symantec found, was a botnet, which could be had for an average price of $225. Hosting for phishing services averaged $10, with a low of $2 and a high of $80. Keystroke loggers averaged $23.

Vulnerabilities sold for $100 to $2,999, and averaged $740. But vulnerabilities in the underground economy aren’t necessarily priced in terms of value.

Bank account credentials sold for between $10 and $1,000 generally, depending on how much money was in the associated bank account.

"In some cases, it appears the same vulnerability was advertised at both the low and high ends of the price range," the Symantec report says. "This may indicate that the value of the exploit decreased as it became over-traded, resulting in many attackers exploiting the same vulnerability in the same financial service."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll