You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

Phishing has become more popular than ever. Bhagwat Karad, the minister of state for finance reported to Indian parliament, that more than 50,000 (50,242) cases of cyber frauds, banking frauds using internet banking, ATM-Debit and Credit Cards were registered in the first nine months of the current fiscal year, citing RBI data (April-December 2021 period). During the nine-month period, the victims of these frauds lost a total of nearly Rs 167 crore.

According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG). The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are cheap and easy available.

 

What is a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit was $304, with the prices ranging between $20 and $880. 

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums. 

 

What is the Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

 

Alert

Before you think to become cyber criminal, be aware that the cyberlaw is also catching up. There’s even some evidence that the police can now track and recover funds paid for in cryptocurrency. many cryptocurrency cases in India were detected and cyber expert fraudsters were arrested including ex police officers.Also remember, WHILE CYBERCRIME is largely measured in financial terms it is the psychological trauma that hurts victims the most when they are blamed by their family members or society in general for falling victim to the attack/scam.

 

- By Adv (Dr.) Prashant Mali 

Original link of post is here

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform