Security Crime The Almighty Buck

Malware Attacks Give Criminals 1,425% Return On Investment

An anonymous reader writes: Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends. According to their findings, attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment). Retail was the most compromised industry, making up 43 percent of investigations, followed by food and beverage (13 percent) and hospitality (12 percent).

  • Sliced and Diced (Score:4, Informative)

    by Anonymous Coward on Tuesday June 16, 2015 @04:45AM (#49920001)
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Whoever modded that down: The complaint about Sourceforge is on topic, and not just a rehash of older complaints either.

  • by Anonymous Coward on Tuesday June 16, 2015 @04:47AM (#49920007)

    1,425% is ambiguous. It can be read as 1.425% by people who normally use commas as decimal separators. Thousand separators are meant to be used for clarity, but in an international forum they create confusion instead, so don't use them. Digit grouping is an alternative, but doing that in a typographically correct way requires non-breakable narrow spaces. Honestly, if you need help reading a four digit number, maybe reading isn't for you.

    • by Anonymous Coward

      Indeed. I don't mind points as a decimal separation, but commas to group thousands are highly confusing.

    • by meza ( 414214 ) on Tuesday June 16, 2015 @06:14AM (#49920239)

      Ah thank you. Coming from a country where we use comma as a decimal separator I actually did misread this and thought it was a pretty crappy return of investment (due to dissonance or something my brain decided not to interpret what was written within the parentheses).

    • 1,425% is ambiguous.

      It's not ambiguous, it's very clear and perfectly acceptable anglophone denotation. If you want to use some other form of denotation or find this confusing, go to a non anglophone site or improve your language education, respectively.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        1,425% is ambiguous.

        It's not ambiguous, it's very clear and perfectly acceptable anglophone denotation.

        No it isn't.

        You want an example? South Africa uses commas for decimals. And they're not the only ones.

    • Exactly.
      On a related note, could we please kill the developer(s) that wrote the CSV import for Excel?
      Depending on your regional settings, importing a cell containing 3.14 could yield 3.14, 3140 or 14th of March.

      • by Z00L00K ( 682162 )

        Not to mention the CSV export. The dynamic of that format is completely FUBAR for everyone working in a multinational company.

    • True, as a French guy I read this as 1.425%... at least they could have written 1'425% to remove confusion...
    • by Z00L00K ( 682162 )

      If you use separator - use a space and a fixed-width font.

    • Using percent to describe something in the thousands is rather silly to begin with.
    • Here's a map of usage by country, blue is comma, green is dot. https://en.wikipedia.org/wiki/... [wikipedia.org]

      By total population comma wins.
      By total countries dot wins.
      By total military comma wins.
      By square mileage dot wins.
      By website hosting locale comma wins.

      By mindless inability to grok the obvious from the summary where they helpfully give $84,400 return on $5,900 investment which makes it clear that it's not 1% and that commas are being used nobody wins.

  • SUBJECT (Score:2, Funny)

    by Anonymous Coward

    How nice of Slashdot to explain why SourceForge is fucked up as it is.

  • TCOC (Score:2, Funny)

    by Anonymous Coward

    This is the return before legal fees, restitution and incarceration.
    You have to look at the Total Cost Of Crime when you calculate the ROI.

  • by Etherwalk ( 681268 ) on Tuesday June 16, 2015 @05:50AM (#49920153)

    Yeah, a lot of people go into crime for money. Human Traffickers make a great return on investment in slaves, for example, and get much less risk of being caught than if you're trafficking guns. It's seriously messed up, but how fast do you think the police would shut down an AK-47 market on the corner as opposed to your neighborhood's center for prostitution?

    Bank robbery also pays, but tends not to pay very well. (Not nearly as well as a good engineering job, IIRC, and more likelihood of your bugs getting detected).

  • Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.

    I assume this is mostly because the US still doesn

    • I assume this is mostly because the US still doesn't have chipped credit cards, or has that changed since a year or so ago when I was there?

      The new ones are chipped. But the replacement cycle on credit cards (mine are usually good for five years) is long enough that a lot of unchipped cards are still out there (about half of mine are chipped, the other half won't expire for a couple-three more years).

      Note that chipped doesn't protect you from credit card fraud - just yesterday I got called by my CC compan

      • by RobinH ( 124750 )
        Presumably your card # and other information were stolen manually or via an online transaction. The article is specifically mentioning going after the data from the mag stripe. I have presumed, but don't know enough about it, that the chipped cards encrypt the verification between the card and the bank, so the vendor doesn't ever have that info, and thus any malware running on their POS terminal can't access it either. That doesn't stop your waiter from writing down your card details of course... it's jus
        • Presumably your card # and other information were stolen manually or via an online transaction

          Manually, I am guessing. I have a different credit card for online transactions. Or possibly directly from the CC company....

      • by tsqr ( 808554 )

        The new ones are chipped. But the replacement cycle on credit cards (mine are usually good for five years) is long enough that a lot of unchipped cards are still out there (about half of mine are chipped, the other half won't expire for a couple-three more years).

        I received chipped replacements for my credit card and ATM card (different banks) roughly 3 years before the old cards were due to expire. Apparently some institutions aren't waiting so long.

    • by wbr1 ( 2538558 )
      Few vendors in the US have chip and pin readers. They are not required yet, and even when they are, not having one just shifts the burden of fraudulent transactions to the vendor. Things move glacially here.
      • by Steve Newall ( 24926 ) on Tuesday June 16, 2015 @08:18AM (#49920809)
        The liability shift for chip and PIN cards is scheduled for October this year in the US. Although the guesstimates vary, probably around 20% of merchants will have an EMV (chip) reader by this time. When chip and PIN was introduced into Europe, there was a sharp increase in credit card fraud in non-chip regions (Canada for example), and when Canada introduced chip and PIN we noticed a sharp decrease in fraud, which we assume was moved into the US.
      • by mlts ( 1038732 )

        I'm actually surprised. The chip/PIN readers are gaining steam here in the US. Even Square has an EMV reader. The fact that vendors have to pay the cost is getting them to actually get off their butts and deploy these. Even ATMs are starting to have a mechanism for chips.

        I just wonder how they are going to handle fraud via mail order or where the card isn't present. This will still be an issue.

        • by tlhIngan ( 30335 )

          I just wonder how they are going to handle fraud via mail order or where the card isn't present. This will still be an issue.

          Same way they always have - CNP transactions cost more and are riskier.

          It'll be a cost an internet merchant will have to pay, and there's no way around it. Either the merchant adds friction to the process (some merchants ask you to fax/email a copy of the card which if you look at the cardholder agreement is something you should never, ever, do), or they end up using something like Pa

  • by Anonymous Coward

    I have to wonder if the best return isn't on physically stealing cards. My wife's debit card was stolen at work this weekend. Since it's a secure environment they know it was one of thirty people. She realized it when she got an alert when it was used on the other side of town about an hour after they got off work. After canceling the card she called the gas station manager who said he had the person on camera so to file a police report and he'd gladly supply the video. The police refused to take a report.

  • is this just the anti-virus industry trying to entice more virus-makers into making more viruses?
  • by Anonymous Coward

    We have crafted a culture that not only rewards, but idolises excessive accumulation of wealth. We have taught each other to seek profits, and that a large return on investment is a good thing. We have also crafted a technological world where poor quality software (designed sufficiently to get paid, but with effort and attention to detail spared so as to increase the profitability and return on investment) runs people's lives, and where few understand this software. Is it any surprise that waves of such cybe

  • by Virtucon ( 127420 ) on Tuesday June 16, 2015 @06:45AM (#49920355)

    So what the TFA is saying is that it's better for me to invest in Malware hackers than the S&P 500. Interesting. Now I'm wondering if there'll be an ETF or Mutual Fund available soon. Symbol: HX0R

  • Sure the returns are high, just like they are on cocaine smuggling. But what is the risk?
    • About 10% chance you'll get caught, but the people you are likely dealing with are no better than the cops, so, caveat emptor, as the saying goes...

  • That I'm in the right line of work, but I'm on the wrong side.
  • If it didn't, people wouldn't do it.

    Even a typical burglary of an upper-middle-class home with $5000 in jewelry pays several thousand percent if you don't factor in the thief's time* and if the thief is never caught**:

    * Gross from sale of stolen jewelry on the black market: $500 (or more)
    * Cost attributable to getaway car, fuel, and driving to/from the meetup with your fence: Under $30.

    That's well over a 1650% return right there.

    * Assume the thief doesn't value his time, which is likely a valid assumption

    • Another major difference: to burgle my house, the burglar has to physically be here. To, say, encrypt my files and demand ransom, the criminal has to be connected to the Internet, and physically be somewhere on the planet.
