Malware Attacks Give Criminals 1,425% Return On Investment
An anonymous reader writes: Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends. According to their findings, attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment). Retail was the most compromised industry making up 43 percent of investigations followed by food and beverage (13 percent) and hospitality (12 percent).
Sliced and Diced (Score:4, Informative)
I hope this is not true:
http://www.reddit.com/r/technology/comments/39x7w5/sourceforge_hijacks_firefox_project/ [reddit.com]
Re: (Score:2, Informative)
Whoever modded that down: The complaint about Sourceforge is on topic, and not just a rehash of older complaints either.
Don't use thousand separators internationally (Score:5, Insightful)
1,425% is ambiguous. It can be read as 1.425% by people who normally use commas as decimal separators. Thousand separators are meant to be used for clarity, but in an international forum they create confusion instead, so don't use them. Digit grouping is an alternative, but doing that in a typographically correct way requires non-breakable narrow spaces. Honestly, if you need help reading a four digit number, maybe reading isn't for you.
Re: (Score:1)
Indeed. I don't mind points as a decimal separation, but commas to group thousands are highly confusing.
Re:Don't use thousand separators internationally (Score:5, Interesting)
Ah thank you. Coming from a country where we use comma as a decimal separator I actually did misread this and thought it was a pretty crappy return of investment (due to dissonance or something my brain decided not to interpret what was written within the parentheses).
Re: (Score:1)
1,425% is ambiguous.
It's not ambiguous, it's very clear and perfectly acceptable anglophone denotation. If you want to use some other form of denotation or find this confusing, go to a non anglophone site or improve your language education, respectively.
Re: (Score:2, Insightful)
1,425% is ambiguous.
It's not ambiguous, it's very clear and perfectly acceptable anglophone denotation.
No it isn't.
You want an example? South Africa uses commas for decimals. And they're not the only ones.
Re: (Score:2)
The primary language of South Africa is Zulu. English trails in a poor fourth down the list.
Re: (Score:2)
Exactly.
On a related note, could we please kill the developer(s) that wrote the CSV import for Excel?
Depending on your regional settings, importing a cell containing 3.14 could yield 3.14, 3140 or 14th of March.
Re: (Score:2)
Not to mention the CSV export. The dynamic of that format is completely FUBAR for everyone working in a multinational company.
Re: (Score:2)
If you use a separator - use a space and a fixed-width font.
Re: (Score:2)
Here's a map of usage by country, blue is comma, green is dot. https://en.wikipedia.org/wiki/... [wikipedia.org]
By total population comma wins.
By total countries dot wins.
By total military comma wins.
By square mileage dot wins.
By website hosting locale comma wins.
By mindless inability to grok the obvious from the summary where they helpfully give $84,400 return on $5,900 investment which makes it clear that it's not 1% and that commas are being used nobody wins.
Re: (Score:2)
1,425% is ambiguous. It can be read as 1.425% by people who normally use commas as decimal separators. Thousand separators are meant to be used for clarity, but in an international forum they create confusion instead, so don't use them. Digit grouping is an alternative, but doing that in a typographically correct way requires non-breakable narrow spaces. Honestly, if you need help reading a four digit number, maybe reading isn't for you.
If anyone reads the number as 1.425% in relation to this story, then I would agree with you. Maybe reading isn't for you.
Then again, maybe this forum isn't for you either. Clearly there's a comprehension problem that has fuck-all to do with commas or decimals.
I read it as 1.425%. No one uses thousand separators for just 4 digits, so 1 point something was much more likely.
Re: (Score:2)
Which most of Europe do.
Re: (Score:3)
Here's a set of coordinates. Have fun understanding where commas are meant to separate coordinates and where they're meant to separate thousands.
574,813,067,805.875,243,554,323,654,371.654,876,484,567,576,549.654,765.763,652,258,436,540.365,347,654.364
Re: (Score:2)
I wasn't aware the summary was written in code, or contained any lengthy co-ordinates either for that matter.
SUBJECT (Score:2, Funny)
How nice of Slashdot to explain why SourceForge is fucked up as it is.
TCOC (Score:2, Funny)
This is the return before legal fees, restitution and incarceration.
You have to look at the Total Cost Of Crime when you calculate the ROI.
Re: TCOC (Score:1)
Not to mention whitewashing. What rates does Saul offer nowadays?
Re: TCOC (Score:1)
Hehe, will try to post as AC/DC next time...
Re: (Score:2)
Like making murder legal then?
Re: (Score:1)
"Murder" is fungible.
Crime Pays (sometimes) (Score:4, Insightful)
Yeah, a lot of people go into crime for money. Human Traffickers make a great return on investment in slaves, for example, and get much less risk of being caught than if you're trafficking guns. It's seriously messed up, but how fast do you think the police would shut down an AK-47 market on the corner as opposed to your neighborhood's center for prostitution?
Bank robbery also pays, but tends not to pay very well. (Not nearly as well as a good engineering job, IIRC, and more likelihood of your bugs getting detected).
Re: (Score:1)
It's much more promising to run a bank than to rob one.
The best way to rob a bank is to own it, am I right?
Re: (Score:2)
If you mount a light switch upside down, or you use door knobs from a different source than your design specifies, your building generally won't come crashing down. In the world of software, it very well might.
Credit card track data? (Score:2)
Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.
I assume this is mostly because the US still doesn
Re: (Score:2)
Chip and PIN != RFID.
Re: (Score:3)
The new ones are chipped. But the replacement cycle on credit cards (mine are usually good for five years) is long enough that a lot of unchipped cards are still out there (about half of mine are chipped, the other half won't expire for a couple-three more years).
Note that chipped doesn't protect you from credit card fraud - just yesterday I got called by my CC compan
Re: (Score:2)
Manually, I am guessing. I have a different credit card for online transactions. Or possibly directly from the CC company....
Re: (Score:2)
I received chipped replacements for my credit card and ATM card (different banks) roughly 3 years before the old cards were due to expire. Apparently some institutions aren't waiting so long.
Re:Credit card track data? (Score:4, Informative)
Re: (Score:2)
I'm actually surprised. The chip/PIN readers are gaining steam here in the US. Even Square has an EMV reader. The fact that vendors have to pay the cost is getting them to actually get off their butts and deploy these. Even ATMs are starting to have a mechanism for chips.
I just wonder how they are going to handle fraud via mail order or where the card isn't present. This will still be an issue.
Re: (Score:2)
Same way they always have - CNP transactions cost more and are riskier.
It'll be a cost an internet merchant will have to pay, and there's no way around it. Either the merchant adds friction to the process (some merchants ask you to fax/email a copy of the card which if you look at the cardholder agreement is something you should never, ever, do), or they end up using something like Pa
Physical card theft (Score:1)
I have to wonder if the best return isn't on physically stealing cards. My wife's debit card was stolen at work this weekend. Since it's a secure environment they know it was one of thirty people. She realized it when she got an alert when it was used on the other side of town about an hour after they got off work. After canceling the card she called the gas station manager who said he had the person on camera so to file a police report and he'd gladly supply the video. The police refused to take a report.
Re: (Score:2)
Don't call the police, call the bank and let the bank call the police.
It's not worth their time. They either wrote off the loss or their insurance company paid or they backcharged the merchants. Spending any additional time on nailing the criminal wouldn't benefit them in any way. It would be purely for vengeance.
anti-virus industry enticing more virus-makers? (Score:1)
Philosophical musing (Score:1)
We have crafted a culture that not only rewards, but idolises excessive accumulation of wealth. We have taught each other to seek profits, and that a large return on investment is a good thing. We have also crafted a technological world where poor quality software (designed sufficiently to get paid, but with effort and attention to detail spared so as to increase the profitability and return on investment) runs people's lives, and where few understand this software. Is it any surprise that waves of such cybe
New Investment Opportunity (Score:5, Funny)
So what the TFA is saying is that it's better for me to invest in Malware hackers than the S&P 500. Interesting. Now I'm wondering if there'll be an ETF or Mutual Fund available soon. Symbol: HX0R
Risk? (Score:2)
Re: (Score:1)
About 10% chance you'll get caught, but the people you are likely dealing with are no better than the cops, so, caveat emptor, as the saying goes...
This article reminds me of something. (Score:1)
Re: (Score:2)
You might want to ponder the meaning of 'net revenue'.
Of course financial crimes pay (Score:1)
If it didn't, people wouldn't do it.
Even a typical burglary of an upper-middle-class home with $5000 in jewelry pays several thousand percent if you don't factor in the thief's time* and if the thief is never caught**:
* Gross from sale of stolen jewelry on the black market: $500 (or more)
* Cost attributable to getaway car, fuel, and driving to/from the meetup with your fence: Under $30.
That's well over a 1650% return right there.
* Assume the thief doesn't value his time, which is likely a valid assumption
Re: (Score:2)
Another major difference: to burgle my house, the burglar has to physically be here. To, say, encrypt my files and demand ransom, the criminal has to be connected to the Internet, and physically be somewhere on the planet.
1,425% ROI, but 87.3% of statistics are made up (Score:1)
Re: (Score:2)
* Can't be selectively disabled
* Defeated by being out of date
* Can disable some websites whose code relies on being able to read content on a blocked host
* Creator is famous for spamming the ever-loving shit out of people in some strange belief people like his bizarre, rambling adverts, but not other, less-insane adverts
Re: (Score:2)
You're in the abyss now.
Not sure how many people remember James "Kibo" Parry but at this point I suspect APK doesn't really exist. It's just an interesting bit of amped up Eliza code that looks for references to APK, posts, and then responds to follow ups with canned text and inline name replacements.