Hacking might not be the smartest way to bring in revenue, but it looks like the return on some of the biggest Malware attacks are making cybercriminals very rich and you won’t believe how easy it was for many of them.

During its investigation of 574 breaches over 15 countries in 2014, SpiderLabs found that attackers are receiving a 1,425%  return on their hacking investments for exploit kit and ransomeware, according to a recent post on Net-Security.

The top five most frequently detected vulnerabilities were SSL Vulnerable to CBC Attacks, SSL RC4-based Ciphers Supported, SSLv3 Supported, SSLv2 Supported and OpenSSL ‘Heartbleed’ Data Leakage Vulnerabilities, according to the report.

Password vulnerability is a huge problem, but in some cases, people practically deserve to get hacked (and it can barely be considered a hack).

One of the most common password problems is one users should probably be aware of by now — people set their password to an easy to guess term. “Password1″ remains one of the most commonly used passwords and people still use easy-to-find data like their birthday to supposedly lock down their accounts.. Users continue to overlook the importance of using passwords that mix upper case and lower case letters which extend longer than just eight characters, leaving themselves susceptible to cyber attacks.

Half of the victims from the report are from the United States with retail being the most targeted industry followed by food and beverage according to Net-Security.

“The majority of victims, 81%, did not detect breaches themselves,” reported Net-Security.

“The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.”

HTTP was also the most vulnerable service with 81.5% of the cyber crimes detected among the service. To view the full report, read the full story.