Cost of conducting APT campaigns is dramatically dropping

Speaking at Kaspersky Lab’s Industry Analyst Summit, Costin Raiu revealed that the cost of APT campaigns is dropping dramatically.

The cost of developing advanced malware has fallen dramatically; malicious code like Stuxnet and Flame is far more affordable today. It has been estimated that the expense of developing a cyber weapon like Stuxnet, or sophisticated spyware like Duqu, has collapsed from $100 million to just $10,000.

Costin Raiu, head of global research and analysis at Kaspersky, said at the summit that the cost of designing Stuxnet was nearly $100 million.

The falling cost is a serious concern for cyber security experts because it lowers the barrier to entry to the global cyber-arms race.

“The cost of entry for APT is decreasing,” said Costin Raiu. “We’re going to see more surgical strikes and critical infrastructure attacks.”

Behind this increasingly sophisticated malware are groups of hackers, also known as APTs or advanced persistent threats, that work for governments or are part of their cyber units.

APTs are typically involved in cyber attacks on high-value targets, including government organizations, financial institutions, critical infrastructure and defense contractors.

In the past, the financial effort necessary to sustain an APT was impressive. I remember an interesting analysis proposed by the popular hacker Charlie Miller on the cost of designing a cyber weapon: he estimated an involvement of 592 people and an investment of $45.9 million in annual salary, with an average annual salary of $77,534.

That cost is totally different from the $10,000 hypothesized for the development of the Icefog malware, which was discovered last year and hit US energy companies with a Java backdoor.

According to experts at Kaspersky, the Javafog backdoor could indicate that the Icefog mercenaries were running a US-specific operation; according to the analysis of the backdoor used, the team was preparing a long-term cyber espionage campaign.

“The focus on the US targets associated with the only known Javafog C&C could indicate a US-specific operation run by the Icefog attackers; one that was planned to take longer than usual, such as, for instance, long-term collection of intelligence on the target,” states the Kaspersky report. “This brings another dimension to the Icefog gang’s operations, which appear to be more diverse than initially thought.”

While the Icefog campaign probably required an investment of no more than $10,000, the NetTraveler APT campaign likely cost about $500,000, which is nothing compared to the $100 million for Stuxnet.

“If you’re thinking that’s a lot of money, it’s not. It’s the cost of several missiles.”

“Icefog is special because it indicates a new trend of cyber mercenaries, maybe five to ten people that are highly skilled,” Raiu said. “They knew what documents they wanted to steal from each machine and they spent only a few minutes on each machine.”

Raiu has no doubt that the lowering of the costs associated with APT campaigns will cause a significant increase in the number of dangerous cyber attacks. Let’s wait for further revelations on the latest APT offensive, dubbed “The Mask”.

Pierluigi Paganini

(Security Affairs –  APT, state-sponsored hacking)
