Those of you looking for statistics to justify your security budgets for next year, look no further: Symantec has released their view of the underground economy as it has evolved over the past year. The qualitative information in the report is amusing, but the quantitative information has far more value to anyone trying to build a justification for infrastructure and security services related to PCI-DSS. For example, the report puts the market value of the traded goods, including financial credentials, at around $275M. This total market value is dwarfed by the potential amount of cash that can be extracted by the underground using these accounts.
If you ignore the numbers, there is not much new for those of you who have been following how pilfered data is traded on the underground. Most of the statements made in the document have previously been reduced to platitudes and anecdotes that have circulated at conferences and on blogs for some time now. However, it is pretty rare that such data is collected with rigor and provided with solid analysis, and for that reason the report is useful.