Slashdot Mirror
Malware Attacks Give Criminals 1,425% Return On Investment
An anonymous reader writes: Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends. According to their findings, attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment). Retail was the most compromised industry making up 43 percent of investigations followed by food and beverage (13 percent) and hospitality (12 percent).
I hope this is not true:
http://www.reddit.com/r/technology/comments/39x7w5/sourceforge_hijacks_firefox_project/
1,425% is ambiguous. It can be read as 1.425% by people who normally use commas as decimal separators. Thousand separators are meant to be used for clarity, but in an international forum they create confusion instead, so don't use them. Digit grouping is an alternative, but doing that in a typographically correct way requires non-breakable narrow spaces. Honestly, if you need help reading a four digit number, maybe reading isn't for you.
How nice of Slashdot to explain why SourceForge is fucked up as it is.
Surely the criminal's time and effort needs to be factored in to th ROI calculation? Yes, I know that we've been trying to automate away those pesky labor costs since the eighteenth century, if not earlier; but we haven't finished yet...
This is the return before legal fees, restitution and incarceration.
You have to look at the Total Cost Of Crime when you calculate the ROI.
Just make is legal..
So causing all that trouble, and they can't even keep their money? Who would have thought...
Yeah, a lot of people go into crime for money. Human Traffickers make a great return on investment in slaves, for example, and get much less risk of being caught than if you're trafficking guns. It's seriously messed up, but how fast do you think the police would shut down an AK-47 market on the corner as opposed to your neighborhood's center for prostitution?
Bank robbery also pays, but tends not to pay very well. (Not nearly as well as a good engineering job, IIRC, and more likelihood of your bugs getting detected).
lol, they should buy stocks, I'm up 300%
Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that’s needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.
I assume this is mostly because the US still doesn't have chipped credit cards, or has that changed since a year or so ago when I was there? I thought the magstripe was going away.
"I have never let my schooling interfere with my education." - Mark Twain
An expense that is never included in the TCO numbers.
Time for a career change :)
I have to wonder if the best return isn't on physically stealing cards. My wife's debit card was stolen at work this weekend. Since its a secure environment they know it was one of thirty people. She realized itcwhen b she got an alert when it was used on the other side of town about an hour after they got off work. After canceling the card she called the gas station manager who said he had the person on camera so to file a police report and he'd gladly supply the video. The police refused to take a report. They said they we ouldnt followup so there was no point. First they should always take a report but second you know you ggg Ave the person on video, my wife could probably I'd the guy, and you know where he works and my wife probably knows his schedule and you won't do anything?
Then they wonder why the teens here gave no respect for the law. Why would they when the police flat out tell them they can break the law and they won't do anything .
is this just the anti-virus industry trying to entice more virus-makers into making more viruses?
We have crafted a culture that not only rewards, but idolises excessive accumulation of wealth. We have taught each other to seek profits, and that a large return on investment is a good thing. We have also crafted a technological world where poor quality software (designed sufficiently to get paid, but with effort and attention to detail spared so as to increase the profitability and return on investment) runs peoples lives, and where few understand this software. Is it any surprise that waves of such cybercrime are happening? Unfortunately too many humans are too greedy to make properly fixing this situation a serious possibility in the near future.
$84,100 net revenue for each $5,900 investment
Clearly, $5900 is the price of an exploit kit, so they calculate revenue of [successfull group of] script-kiddies. It would be interesting to see the revenue of malware authors.
So what the TFA is saying is that it's better for me to invest in Malware hackers than the S&P 500. Interesting. Now I'm wondering if there'll be an ETF or Mutual Fund available soon. Symbol: HX0R
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Sure the returns are high, just like they are on cocaine smuggling. But what is the risk?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
welfare
One wonders if this cost includes the cost of loss of income and civil penalties when they are eventually caught.
Ten years in jail can be a substantial cost. But still I am for increasing penalties on all types of white collar crime.
Even though they typically don't physically harm people the money spent investigating, prosecuting, and punishing the criminal involved costs all of us.
* Can't be selectively disabled
* Defeated by being out of date
* Can disable some websites whose code relies on being able to read content on a blocked host
* Creator is famous for spamming the ever-loving shit out people in some strange belief people like his bizarre, rambling adverts, but not other, less-insane adverts
Hosts file can block single hosts.
DNS blackhole can block whole domains.
DNS > hosts. q.e.d.
Keep patching your hosts file for every new host while sane people just block the domain and are done with it. Fucking moron.
That I'm in the right line of work, but I'm on the wrong side.
See subject: More CPU use too (+ DNS has security issues + goes down, a lot).
Hosts cached into RAM locally also resolves FASTER than remote DNS, by FAR!
Hosts also compliment DNS & LIGHTEN dns servers loads - which admins of DNS should LOVE actually!
Having users avoid DNS by hardcoding their favorite sites @ the TOP of hosts yields the greatest possible speed of resolution locally vs. remotely (which is HOW my program structures that for the best speed. 30 of them or so equates to OR EXCEEDS 2-3 MILLION remote indexed DNS queries).
(... + it secures folks vs. Kaminsky redirect flaw ridden remote DNS servers, of which 99.999% of ISP DNS servers are NOT patched against, & gets users to those favorite sites where they SPEND MOST OF THEIR TIME ONLINE mind you, reliably & faster, vs. DOWNED dns (happens QUITE a lot)).
* You just can't beat hosts for a combination of speed, efficiency, security, & reliability!
APK
P.S.=> Let's see YOU do something better Dave420 - you can't & I know it, YOU KNOW IT, & by now? Everyone reading does... lol, you "ne'er-do-well" troll fool... apk
If I invest $100 and end up with $100 that isn't a 100% ROI. It's 0%.
You have to subtract the base investment from the final valuation to figure out profit. Can't believe I have to explain this.
I don't have to do better - better solutions than your's exist already. Give it up. I've already pointed out flaws in your solution which render it useless in many cases, and your anti-boner for DNS and competitors is clouding your already "unique" perspective. It's sad.
APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...
FREE, creates the best possible hosts file, & adds speed, security, + reliability, doing more with less, more efficiently vs. browser addons & locally installed DNS servers @ home + fixes DNS' redirect security issues - obtaining its data vs. online threats & adbanner blocking from 10 reputable sites in the security community!
* :)
By "yours truly" - "The Lord of Hosts" so-to-speak:
PERTINENT QUOTE/EXCERPT:
"The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & in myself, via hosts/custom hosts files use.
(Accept NO substitutes!)
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...
&
It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...
+
In its 32-bit model also https://www.virustotal.com/en/...
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
See subject + I shot you down & you RAN http://yro.slashdot.org/commen... & even AGREED my points on hosts are SOLID + correct there (in that hosts do MORE than other "so-called 'competitors'" more efficiently by far as well).
* Grow up Dave420... seriously!
APK
P.S.=> Do yourself a favor - Do something with yourself that's worthwhile as I have -> http://start64.com/index.php?o... instead of being an off-topic "ne'er-do-well" (lol, it's the truth, you can't show you've done squat for others that benefit them in added speed, security, reliability, & anonymity as I have)... apk
You're in the abyss now.
Not sure how many people remember James "Kibo" Parry but at this point I suspect APK doesn't really exist. It's just an interesting bit of amped up Eliza code that looks for references to APK, posts, and then responds to follow ups with canned text and inline name replacements.
You're off topic trolling like Dave420 and can't prove apk wrong here http://it.slashdot.org/comment...
If it didn't, people wouldn't do it.
Even a typical burglary of an upper-middle-class home with $5000 in jewelry pays several thousand percent if you don't factor in the thief's time* and if the thief is never caught**:
* Gross from sale of stolen jewelry on the black market: $500 (or more)
* Cost attributable to getaway car, fuel, and driving to/from the meetup with your fence: Under $30.
That's well over a 1650% return right there.
* Assume the thief doesn't value his time, which is likely a valid assumption on our part
** Assume the thief naively believes the risk of getting caught is negligible, which is likely a valid assumption on our part
A major difference between malware and burglary is the risk of serving jail time or paying heavy fines for malware really is close to zero, at least for now. Sigh.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why is there no "racist shithead" mod? A "paranoid" mod would also be very useful here.
Of course, the relevant XKCD: https://xkcd.com/1295/
Wow, these hackers are making tons of money and putting so many innocent people at risk. They are obviously very smart and talented individuals and its a shame they choose to use their assets to tear apart our nations, but money does drive all. And also, seeing how corrupt our political system seems to be, can we blame them?
U can disable hosts & entries in it too via my program + not "out-of-date" if you run it (auto-magically OR manually), & websites that *try* to force reading into your system are NOT WEBSITES WORTH GOING TO, & creator is famous, unlike you, who can't do *anything* remotely even as close... fact!
* :)
Let's see YOU develop something better!
(I'll be waiting until the clock strikes 13 (non-military time of course) & "the 12th of never" or February 31st for THAT to happen from "the trolling likes of you", lol, that's for sure!)
Plus - Lord knows "Almost ALL Ads Blocked" (AdBlock, AdBlock+), UBlock, Ghostery, & even DNS servers makers haven't & can't (for added speed, security, reliability, & even more anonymity as efficiently + with less moving parts & from slower modes of operations (usermode vs. kernelmode))...
Face facts Dave420 - you *WISH* you were me... & you KNOW it!
Lastly, per my subject above: Downmodding this same post I did last time to VAINLY & effetely *try* to "hide it" Dave420? LMAO @ U, proving my point for me (you're an imbecile that's easy to get the best of everytime) -> http://it.slashdot.org/comment...
APK
P.S.=> Try to do something useful with your life Dave420 - living your life as a "ne'er-do-well" troll online isn't much of a life, & as far as you are concerned, vs. myself? Heh - quoting Dirty Harry: "Dyin' ain't much of a livin' BOY!"... apk
Eternally downvoted, never taken seriously.
Looks like a "ne'er-do-well" (in retard hillbilly Yank speak) to me.
Why do you stalk\harass apk? Your post history's evidence. No denying it. Anyone can verify it as I have. Are you so obsessed with him doing better than you have in computing that you feel compelled to stalk and harass him constantly like a psycho you're showing us you are by doing it? He's challenged you to do better. It's evident you can't. You can't even prove his lists of points favoring hosts files wrong, agreeing with him he is correct on them from recent replies of yours in exchanges with apk you've had. What's your problem? Jealousy? Care to show us proof of you ever getting the best of apk too? He's shown you agreeing with him in his replies here on hosts in fact.
Can ublock do 16 things hosts do 4 speed, security, & reliability:
1.) Protect vs. malicious sites (beyond ads)
2.) Protect vs. fastflux botnets + stop C&C communique
3.) Protect vs. dyndns botnets + stop C&C communique
4.) Protect vs. DGA botnets + stop C&C communique
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phish
10.) Protect vs. caps
11.) Get you past dnsbl
12.) Keep you off dns request logs
13.) Speed up surfing by adblocks & hardcoded fav. sites
14.) Works 4 ANYTHING webbound (ie email programs) multiplatform.
15.) Give you easily controlled data
16.) Do all that & block ads (better than addons) more efficiently in cpu + memory usage
* ANSWER ="NO" on UBlock doing it as well or at all!
APK
P.S.=> UBlock does less than hosts & less efficiently - hosts do MORE w/ less + Hosts start w/ IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):
Hosts @ 3mb-11mb w/ current data vs. threats + ads - test yourself using my program.
UBlock uses 63++ MB -> http://www.ghacks.net/2014/06/...
SCREENSHOT -> http://cdn.ghacks.net/wp-conte...
+
ClarityRay defeats it detecting it by dumping addons in use in a browser via native browser methods to do so!
+
UBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).
BEST hosts file?
APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...
It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...
+
In its 32-bit model also https://www.virustotal.com/en/...
... apk
"I just reply to you when I see you spamming Slashdot with your nonsense"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
Why'd you agree w/ my points on hosts then? Quoting you:
"I'm not denying all those things" - by dave420 (699308) on Wednesday September 17, 2014 @11:39AM (#47927435) FROM -> http://yro.slashdot.org/commen...
Of course not: It's impossible to dispute HOSTS FILES superiority to other methods!
Since my points in favor of hosts SINGLE FILE native kernelmode faster part show hosts doing more w/ less vs. so-called 'competitors' many part messagepassing + cpu/ram use overheads laden slower usermode FAR MORE COMPLEX 'solutions' doing less than hosts do for more security, speed, reliability, + anonymity!
I make creating a superior more efficient solution EASIER!
(That's more than a mere trolling stalking harassing "ne'er-do-well" like yourself could *EVER* manage).
---
"I'm simply pointing out that it takes an AdBlocker to block your spamming"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
I bother you? Then WHY DON'T YOU DO IT & use 'em? Answer that!
(You stalk/harass me instead!)
OBVIOUSLY you don't & you're a "ne'er-do-well" troll & you have "other motivations" (next):
---
* QUESTION:
DO YOU WORK FOR AN ADVERTISING FIRM, or ARE YOU A WEBMASTER/WEBCODER http://slashdot.org/comments.p... , or a MALWARE MAKER, or ARE YOU AFFILIATED WITH 1 OF MY COMPETITORS?
Answer it!
As per your usual you'll avoid every question, or lie & You've been EXPOSED in your "motives" in the last link just above, lol!
APK
P.S.=> See Dave420 the "pot puffing clown" SQUIRM - evasions galore will ensue (as well as effete downmods via sockpuppets to *try* vainly "hide it" -> http://slashdot.org/comments.p... )... apk
"I just reply to you when I see you spamming Slashdot with your nonsense"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
Why'd you agree w/ my points on hosts then? Quoting you:
"I'm not denying all those things" - by dave420 (699308) on Wednesday September 17, 2014 @11:39AM (#47927435) FROM -> http://yro.slashdot.org/commen...
Of course not: It's impossible to dispute HOSTS FILES superiority to other methods!
Since my points in favor of hosts SINGLE FILE native kernelmode faster part show hosts doing more w/ less vs. so-called 'competitors' many part messagepassing + cpu/ram use overheads laden slower usermode FAR MORE COMPLEX 'solutions' doing less than hosts do for more security, speed, reliability, + anonymity!
I make creating a superior more efficient solution EASIER!
(That's more than a mere trolling stalking harassing "ne'er-do-well" like yourself could *EVER* manage).
---
"I'm simply pointing out that it takes an AdBlocker to block your spamming"- by dave420 (699308) on Friday June 19, 2015 @10:31AM (#49945047)
I bother you? Then WHY DON'T YOU DO IT & use 'em? Answer that!
(You stalk/harass me instead!)
OBVIOUSLY you don't & you're a "ne'er-do-well" troll & you have "other motivations" (next):
---
* QUESTION:
DO YOU WORK FOR AN ADVERTISING FIRM, or ARE YOU A WEBMASTER/WEBCODER http://slashdot.org/comments.p... , or a MALWARE MAKER, or ARE YOU AFFILIATED WITH 1 OF MY COMPETITORS?
Answer it!
As per your usual you'll avoid every question, or lie & You've been EXPOSED in your "motives" in the last link just above, lol!
APK
P.S.=> See Dave420 the "pot puffing clown" SQUIRM - evasions galore will ensue (as well as effete downmods via sockpuppets to *try* vainly "hide it" -> http://slashdot.org/comments.p... )... apk