Phishing is Easy: Economics of the Malware Industry

Tue, Apr, 02, 2019 @ 14:04 PM

Schedule a FREE IT Network Assessment

Launching a Cyberattack is Easy

Or at the very least, much easier than it used to be. Although byzantine by today’s malware standards, the viruses and trojans of the early 1990s were sophisticated threats for their time. Furthermore, these first proto-cyberattacks required a substantial amount of effort to deploy successfully. 

The 1989 AIDS Trojan (also known as the PC Cyborg virus) is a great example. Created by an evolutionary biologist with a Harvard PhD, the malware was printed on 10,000 floppy disks and distributed to 90 different countries around the globe. After a set number of reboots, the virus would encrypt the user’s files and demand that a money order be sent to an anonymous PO box in Panama. According to his diaries, the perpetrator Dr. Joseph L. Popp spent nearly two years preparing his scam, which became the first documented use of ransomware.Cyborg

(For anyone who is interested, this is a fascinating story all its own. Medium has a great article on the AIDS Trojan if you’d like to learn more).

The world we live in today is very different. Launching a cyberattack today requires substantially less technical sophistication and effort. The tools needed to launch a cyberattack are more readily available and easier to use than ever before. As a matter of fact, cybercriminal activity has become more organized than ever before. The darkest corners of the web play host to malware sales forums, where malware vendors peddle code in exchange for cryptocurrency, not unlike guerillas at an arms bazaar. In economic terms, this evolution represents a lower barrier to entry for would-be hackers. Deloitte estimates the majority of cybercriminal enterprises operate for at little as $34 per month. You can view their 2018 Cost of Pwnership study here

The ease of launching a cyberattack, coupled with the chance of a lucrative payday suggests we will see more hackers and malware in the future, not less. It goes without saying that cybersecurity should be a top priority for every business, small or large.

Request an IT Network Assessment!