TORONTO – The profile of a hacker has changed dramatically over the last number of years. Today’s hacker isn’t any more your pimply-face teenager with a chip on his shoulder in his Mom’s basement.
Today’s hacker has one primary objective: make money.
There are other hackers who are part of nation states intent on doing harm to governments or large corporations. But for this story CDN will focus on the hacker whose only objective is profit.
Recently, CDN participated in Cisco Canada’s Security Day and Steve Gindi, the advanced threat security director at Cisco Canada outlined the main sources of revenue for hackers. Some of these revenue sources will surprise many on how low they are.
For example, a single social security number is valued at only $1. Denial of Service attacks only nets a hacker $7 an hour. That’s about $4 under minimum wage in Canada.
But there are some other more lucrative areas, according to Gindi.
- Access to medical records is $50 per record.
- Credit card data is sometime as low as a quarter and can go as high as $60.
- Bank account information can be more valuable at an average of $1,000 depending on the account type.
- Mobile malware is valued at $150.
- Spam is on the rise and has a value of $50 for 500,000 emails.
- Exploits are valued higher at $1,000 for 300,000.
- Commercial malware development is $2,500.
- But, a Facebook account with 15 friends is only worth a buck.
- All these revenue sources for hackers has led to the global cybercrime market surging from $450 billion to reach $1 trillion, according to Cisco.
And, it’s going to get worse Gindi believes as new threats from objects that are connected to the Internet maybe be a new avenue for hackers.
One example of this Gindi pointed out is the e-cigarette. Gindi told CDN that there is e-cigarette malware that can be downloaded through a USB connection. “With the Internet of Things anything can be a connector to malware,” he said.
“There is no silver bullet. No firewall, anti-virus, PKI sandboxing none of those alone provide an answer. Now you can take common sites like DropBox, where most organizations permit their users to access along with other cloud services. All these downloaded files can get together and launch an attack.”
One approach Cisco is using with its security strategy with channel partners is to provide cost savings for customers. Cisco’s FirePower next generation IPS collectively saves a mid-size customer approximately $230,100 per year by concentrating on impact assessments of IPS events along with linking IPS events to users. These cost savings were identified by Cisco Canada cyber security regional manager Jack Pagano.
Pagano said that this method is delivered through channel partners.
Websense, a security vendor based in San Diego, Calif., has outlined the profile of a typical hacker.
From Websense’s research 32 per cent of the threats come from the inside. Other characteristics of an internal hacker are:
- 92 per cent are male;
- 56 per cent had a technical position;
- 78 per cent of insider theft was done during business hours;
- 65 per cent had already accepted another job with competitors; and
- 25 per cent of the stolen data was given over to a foreign government or company outside of the border.