Light Dark
January 12, 2018 By Jan Dyment 2 min read
Intelligence & Analytics

When you look at the payoff calculus of cyberweapons, it is no surprise that business is booming. Compared with conventional weapons, cyberweapons have a low barrier to entry and a low-risk, low-cost, high-reward payoff calculus that is attractive to malicious actors.

What’s Driving Up the ROI of Cyberweapons?

The high return on investment (ROI) of cyberweapons is contributing to a rise in threats across the technology landscape. Here is a look at five major factors behind this influx.

1. Low Barrier to Entry

Unlike conventional weapons, cyberweapons can be acquired with very little monetary or organizational resources. While nuclear weapons, for example, are only the in purview of nation-states, cyberweapons can be leveraged by small groups and individuals. For example, a British teenager hacked CIA Director John Brennan’s email account with nothing more than an internet connection and social engineering. The availability of these tools dramatically expands the set of actors who can access and leverage cyber weapons.

2. Low Risk, Low Cost, High Reward

Because of the attribution dilemma in cyberspace, cybercriminals face a low risk of getting caught. And because there is a low risk of getting caught, as well as very little overhead executing an attack from a keyboard, the payout is virtually all profit. The ROI is hard to beat when compared with any conventional weapon or tactic.

3. An Asymmetrical Weapon

In addition, because of the potential damage that can be done with very few resources, cyberweapons are asymmetrical tools that act as force multipliers for actors large and small, state and nonstate, rich and poor. For smaller actors, cyber weapons level the playing field with larger actors.

4. The Rapidly Maturing Cybercrime Market

Contrary to the theory that there is no honor among thieves, cybercriminals have established a very stable and mature market for selling not only the products of cybercrime such as personally identifiable information, health records and credit cards, but also state-level tools, cyber weapons and hacking services — putting cyber weapons in the hands of anyone with enough motivation.

5. More Devices, More Opportunity

Gartner estimated that there will be 20.4 billion devices connected to the internet by 2020. Every insecure device that connects to the internet is another potential attack vector that can be exploited by a malicious actor. And the rise of the Internet of Things (IoT) is an explosion of opportunity for cybercriminals and malicious cyber actors.

Changing the Payoff Calculus

The best defense we have against malicious actors in cyberspace is to change the payoff calculus by fortifying our networks to increase the costs to mount an attack, reduce the probability of success and minimize the ROI of cyber weapons.

Don’t make it easy for cybercriminals to cash in on your valuable data. Pull the trigger on a robust security strategy to ensure that your organization is prepared for whatever advanced threats come its way in 2018.

Read the white paper: The Evolving Face of Cyberthreats

 |  |  |  |  |  | 
Jan Dyment
i2 Threat Hunting Product Marketing Manager at IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature