Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Submission + - The Economics of Targeted Attacks (

Trailrunner7 writes: Researchers and security vendors have been telling us for years now that attackers have developed sophisticated, targeted attacks designed to separate victims from their money as quickly and cleanly as possible. If that's so, why aren't all of us being compromised on a regular basis? A researcher from Microsoft Research posited at the WEIS 2010 workshop Tuesday that the answer is simple economics.

The amount of time and money it takes to send out 10 million phishing emails versus five million emails is negligible once the attacker has his infrastructure in place. As a result, these attacks are still quite prevalent, despite their diminishing economic return. But even with relatively low returns per attack, these kinds of scalable attacks yield a high profit for professionals, said Cormac Herley of Microsoft Research."Non-scalable attacks have to be selective attacks. Every attack costs you something," Herley said. "If the non-scalable attacks can't match the return of the scalable attacks, she should change tactics. At equal costs, she needs a way better yield. But competing on yield makes no sense because when she extracts the same value per victim, there's too much effort."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

The Economics of Targeted Attacks

Comments Filter:

Retirement means that when someone says "Have a nice day", you actually have a shot at it.