Cyberattacks for $100
Cybercrime has evolved into a global industry where devastating corporate breaches can be triggered by malware that costs criminals less than a night out. According to cybersecurity expert Vakaris Noreika from NordStellar, the tools behind these attacks — infostealers — can be purchased on the dark web for as little as $100. Yet, they can lead to security failures costing companies millions and eroding customer trust built over the years.
In 2024, the average data breach cost reached a staggering $4.88 million, a 10% increase compared to the previous year. This record-high figure underscores the urgent need for businesses to address modern cyber threats, particularly those posed by information thieves.
Infostealers are a type of malware designed to infiltrate systems and harvest personal and corporate data silently. Once installed, they can extract everything from login credentials and cookies to banking details and private files. As Noreika warns, info stealers are efficient, easy to deploy, and indiscriminate in their targets.
“These attacks can happen to anyone,” says Noreika. “While most cases are random, some are targeted with precision. Either way, the consequences can devastate individuals and companies alike.”
What makes info stealers so dangerous is their efficiency and ease of access. Criminals rarely operate in isolation; instead, they buy and sell the stolen data in bulk through secretive forums and Telegram channels.
Stealer log
Once the malware collects data from infected devices, it compiles the information into a stealer log. These logs typically contain a complete digital profile of each victim, from passwords and emails to financial data and documents. They’re then listed for sale on illicit platforms.
“Stealer logs are surprisingly affordable,” Noreika explains. “A weekly subscription to a dark web channel might cost around $81, while a month’s access can go for $200. On average, one dollar can buy 16GB of stolen data. Hundreds of thousands of lines of valuable, sensitive information for pennies.”
The stealer logs don’t just affect individuals. Often, credentials linked to business accounts are hidden within them — a goldmine for hackers. With a company email domain exposed, it becomes easy to trace which organisation the data belongs to. That’s where the real damage begins.
“If an employee’s credentials are compromised and end up in a stealer log, cybercriminals can breach corporate networks within minutes,” says Noreika. “From there, they can access client information, intellectual property, and internal documents. Sometimes, hackers hold systems hostage, demanding ransom payments to restore operations.”
While some criminals rely on previously compiled stealer logs, others purchase infostealer malware directly. Known as infostealers-as-a-service, this model allows attackers to rent or subscribe to malware such as RedLine or LummaC2, which they can deploy as they choose.
“The cost for these services varies,” says Noreika. “Some are available for a few hundred dollars, while more advanced malware can cost over $1,000. The appeal here is full control. Cybercriminals can select specific targets, deploy the malware when and where they choose, and harvest far more relevant and lucrative data than random collections.”
While the threat landscape grows more sophisticated, Noreika believes human error remains the most common cause of breaches. Phishing emails, rogue downloads, and unsafe browsing are typical methods of installing info stealers on company devices. However, preventing those mistakes requires more than just a warning in the staff handbook.
“Education is key,” he explains. Employees must understand how infostealers spread and the risk of even one accidental click. But even the most cautious team member can make a mistake. That’s why companies must prepare for failure and ensure it doesn’t become a disaster.”
The right strategy involves a multi-layered defence: reliable antivirus software, strict network access controls, multi-factor authentication, and regular monitoring of the dark web for leaked credentials. Together, these can stop infostealer damage from escalating into full-blown financial and reputational crises.
The rise in data breach costs reflects more than just inflation — it highlights a growing industry where cybercriminals don’t need deep pockets or elite skills to cause maximum damage. For as little as $100, bad actors can bypass your front door and walk away with millions in stolen data.
As threats become cheaper and more widely available, businesses of all sizes must rethink how they protect sensitive information. With employees as the first — and often weakest — line of defence, proactive training and robust systems are now necessary, not a luxury.
“The tools are out there, and they’re not going away,” says Noreika. “Companies need to adapt, or risk becoming another name in the growing list of cyberattack victims.”
NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate.
Hero image: Infostealers are malware designed to infiltrate systems and silently harvest personal and corporate data. Credit: Tima Miroshnichenko
