Also, industrial-strength automation allows cybercriminals to broadly spread their maliciousness. "Why are cybercriminals industrializing their operations?" Kevin Morgan, CTO of Arxan, asked in an interview. "The answer is the whole world of enterprises are having to extend their interfaces into the mobile world so there's a lot more attack surface area for industrialized applications."
The mobile world is like the Wild West for cybercriminals. "Security things learned 10 years ago in the laptop space are just starting to appear in the mobile space," Charles Henderson, director of Trustwave SpiderLabs, said in an interview.
Henderson said convenience may be an obstacle to mobile phone security. "The fact is that mobile devices are easy to use," he said. "When something is easy to use, it's also easy to misuse."
The "shadow" economy has become one of scale providing services to a myriad of players — both states and non-states, said Tom Kellermann, vice president of cybersecurity for Trend Micro.
"There's been an overt commoditization and automation of cyber weaponry in the shadow economy," he told CSO. "That's the reason we're seeing such robust end-stage attacks in today's environment."
Even if a cybercriminal doesn't have the capability to accomplish what they want, it's easy enough to purchase it on the cyber black market. "You can get enough capability to hack into almost anything for 600 bucks," Kellermann said.
Sign up for CIO Asia eNewsletters.