Connect with us

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

1 month ago

on

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Related Topics:
Continue Reading

Cyber Security

GISEC Global 2025: Phishing, Data Breaches, Ransomware, and Supply Chain Attacks Causing Challenges

Published

18 hours ago

on

April 29, 2025

By

Maher Jadallah, the Vice President for Middle East and North Africa at Tenable, says effective exposure management requires a unified view of the entire attack surface (more…)

Continue Reading

Cyber Security

GISEC Global 2025: A Place Where Innovation, Partnerships, and Leadership Come Together

Published

18 hours ago

on

April 29, 2025

By

Meriam ElOuazzani, the Senior Regional Director for META at SentinelOne, says, the company will showcase its latest developments in AI-powered security solutions, reinforcing its position as a leader in this area (more…)

Continue Reading

Artificial Intelligence

Cequence Intros Security Layer to Protect Agentic AI Interactions

Published

1 day ago

on

April 29, 2025

By

Cequence Security has announced significant enhancements to its Unified API Protection (UAP) platform to deliver a comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance.

There is no AI without APIs, and the rapid growth of agentic AI applications has amplified concerns about securing sensitive data during their interactions. These AI-driven exchanges can inadvertently expose internal systems, create significant vulnerabilities, and jeopardize valuable data assets. Recognising this critical challenge, Cequence has expanded its UAP platform, introducing an enhanced security layer to govern interactions between AI agents and backend services specifically. This new layer of security enables customers to detect and prevent AI bots such as ChatGPT from OpenAI and Perplexity from harvesting organizational data.

Internal telemetry across Global 2000 deployments shows that the overwhelming majority of AI-related bot traffic, nearly 88%, originates from large language model infrastructure, with most requests obfuscated behind generic or unidentified user agents. Less than 4% of this traffic is transparently attributed to bots like GPTBot or Gemini. Over 97% of it comes from U.S.-based IP addresses, highlighting the concentration of risk in North American enterprises. Cequence’s ability to detect and govern this traffic in real time, despite the lack of clear identifiers, reinforces the platform’s unmatched readiness for securing agentic AI in the wild.

Key enhancements to Cequence’s UAP platform include:

  • Block unauthorized AI data harvesting: Understanding that external AI often seeks to learn by broadly collecting data without obtaining permission, Cequence provides organizations with the critical capability to manage which AI, if any, can interact with their proprietary information.
  • Detect and prevent sensitive data exposure: Empowers organizations to effectively detect and prevent sensitive data exposure across all forms of agentic AI. This includes safeguarding against external AI harvesting attempts and securing data within internal AI applications. The platform’s intelligent analysis automatically differentiates between legitimate data access during normal application usage and anomalous activities signaling sensitive data exfiltration, ensuring comprehensive protection against AI-related data loss.
  • Discover and manage shadow AI: Automatically discovers and classifies APIs from agentic AI tools like Microsoft Copilot and Salesforce Agentforce, presenting a unified view alongside customers’ internal and third-party APIs. This comprehensive visibility empowers organizations to easily manage these interactions and effectively detect and block sensitive data leaks, whether from external AI harvesting or internal AI usage.
  • Seamless integration: Integrates easily into DevOps frameworks for discovering internal AI applications and generates OpenAPI specifications that detail API schemas and security mechanisms, including strong authentication and security policies. Cequence delivers powerful protection without relying on third-party tools, while seamlessly integrating with the customer’s existing cybersecurity ecosystem. This simplifies management and security enforcement.

“Gartner predicts that by 2028, 33% of enterprise software applications will include agentic AI, up from less than 1% in 2024, enabling 15% of day-to-day work decisions to be made autonomously. We’ve taken immediate action to extend our market-leading API security and bot management capabilities,” said Ameya Talwalkar, CEO of Cequence. “Agentic AI introduces a new layer of complexity, where every agent behaves like a bidirectional API. That’s our wheelhouse. Our platform helps organizations embrace innovation at scale without sacrificing governance, compliance, or control.”

These extended capabilities will be generally available in June.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.