But while cybercriminals may be creating these attack tools en masse, security vendors are quickly adapting to these attacks by producing security tools, said Turner. That said, the cybercriminals, in turn, are updating their tools to keep up.

Turner isn't so confident that organizations are aware of the gravity of such a thriving underground economy due to a lack of studies that have placed a dollar value on these underground transactions. And besides, he said, cybercriminals are "not filing annual SEC reports, they are not filing taxes."

The security industry has been aware of thriving cybercriminal activity for a number of years, said O'Higgins, but everyone else is just catching on. "It's getting bigger all the time and has hit critical mass where it's noticed by everyone," he said.

Individuals and organizations just need to migrate from an analog risk assessment approach to one that makes sense for the online world, said Turner, because "in the digital world, this is still relatively new for most of us."