MalwareCost: Free - $20k(license based)Trojan designed to steal data, manipulate online bankingsessions, inject screensand more.

Cybercriminal Ecosystem

InfrastructureCost: $50 - $1,000(Rental per month)Hosting services formalware update,configuration and command and controlservers. Some arefast flux or TOR based.

SpammersCost: $1 - $4 per1000 emailsSpam botnet operatorsthat spread emails withattachments or linksleading to a Trojan infection.

Exploit KitsCost: $2K(monthly rental)Toolkits designed toexploit system and software vulnerabilities resulting in amalicious download.

DroppersCost: Free - $10KSoftware designedto download malwareto an infected device,evading antivirus andresearch tools.

Money MulesCost: Up to 60% of account balanceA person who receives thestolen money from a hacked account andtransfers the fundsvia an anonymouspayment serviceto the mule operator.

Fraud as a service is constantly changingand adapting to new security solutions,offering end to end technologies, multipleSLA levels and low prices for everythinga cybercriminal might need.

* This infographic shows one possible scenario of a cybercriminal attack lifecycle. Prices for this scenario are estimates.

© Copyright International Business Machines Corporation 2015. Printed in the United States of America (June, 2015) The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both, IBM IBM Logo.

Cybercrime is no longer a one manman operation. Within the cybercrimeunderground an attacker can find a wealthof tools and services that can be bought orrented to facilitate different aspects of theattack lifecycle.*