6/1/2018
10:30 AM
Marc Wilczek

Cybercrime Is Skyrocketing as the World Goes Digital

If cybercrime were a country, it would have the 13th highest GDP in the world.

Worldwide, cybercriminals rake in at least $1.5 trillion every year, an amount equal to Russia's gross domestic product (GDP), according to research conducted by Dr. Michael McGuire, senior lecturer in criminology at Surrey University, and commissioned by security firm Bromium. In fact, if cybercrime were a country, it would have the 13th highest GDP in the world. McGuire's revenue figure includes estimated earnings of $860 billion from illicit or illegal online markets, $500 billion from intellectual property theft, $160 billion from data trading, $1.6 billion from crimeware-as-a-service, and $1 billion from ransomware. The research presents evidence that cybercrime revenues often exceed those of legitimate small to midrange companies.

In fact, the global crime economy has become a self-perpetuating organism: an interlinked web of profit where the boundary between the legitimate and illegitimate is often unclear. The McGuire report notes the emergence of platform criminality, which is similar to the business model used by companies like Uber and Amazon and whose stock in trade is data. The report also red-flags new modes of criminality that these platforms enable, and which allow illicit monies to be directed to more widespread criminal activities such as human trafficking, drug production and distribution, and even terrorism.

The World Goes Digital, and so Does Crime
Cybercrime is now a profitable underground economy. The fabled "darknet" provides the platform for transactions, the place where demand meets supply. The evolving cybercrime-as-a-service model offers everything from distributed denial-of-service attacks and malware to shiploads of stolen data sets on demand. Today, engaging in cybercrime is as simple as legitimate e-commerce.

Meanwhile, making matters worse, legitimate enterprises depend ever more heavily on the availability and performance of IT infrastructure, which makes them more vulnerable to breaches that can wreak havoc on business. A few errant clicks by a clueless or malicious employee can take an organization offline or flood it with malware.

For those who know how, it is relatively simple to access the tools, services, and expertise of the cybercriminal. As a result, it's certain that both enterprises and governments will see more sophisticated, costly, and disruptive attacks — and that the problem won't be solved with old thinking or legacy technology. It will require fresh, more intelligent, and nimble approaches.

Platform Criminality Is Emerging
Interestingly, McGuire's report describes a growing interconnectedness and interdependence between the illegitimate and legitimate economies, something he calls the "Web of Profit." He contends that "companies and nation states now make money from this Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control."

He continues: "There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime, albeit unwittingly, in most cases."

The emergence of platform criminality — which mimics the platform capitalism typified by companies like Amazon, Facebook, and Uber — offers fertile ground for hackers to further increase their ill-gotten gains. The report raises concerns that platform criminality is funding broader criminal activities such as human trafficking, drug production and distribution, and even terrorism.

According to the report, whether it's through hacking companies to steal users or personal data, distribute malware, flog illegal goods and services, establish fake shopfronts to launder money, or simply connect buyers and sellers, cybercriminals are clearly adept at leveraging existing platforms for commercial gain.

"This is creating a kind of 'monstrous double' of the legitimate information economy — where data is king," writes McGuire. "The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it."

Post-Crime Reality and Terrorism
"We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005," adds McGuire. "Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs."

The report shows that cybercriminal platform owners are likely to receive the biggest benefits from this new wave of cybercrime, and that they will probably distance themselves from the actual crimes. In fact, individual hackers may only earn a paltry $30,000 a year. In contrast, a trader can earn up to $2 million if they have just 50 stolen card details at their disposal.

McGuire refers to this as "post-crime" reality, one in which cybercriminals adopt a "platform capitalism" approach to selling, rather than committing crime.

In fact, McGuire unearthed criminal websites that provide ratings, descriptions, reviews, services, and even technical and customer support. These platforms are making the criminal "customer experience" better and providing easy access to services and products that support crime on a global scale.

Strangely enough, criminal organizations themselves are also undergoing digital transformation and diversifying into new types of crime. McGuire claims that many of the larger known cybercrime operations typically reinvest revenues into expanding their operations, for example by buying more crime software, maintaining a website, paying mules, or meeting other criminal requirements. They invest approximately 20% of their revenues into further crime, which suggests that up to $300 billion may be funding future cybercrime and other serious criminal activities.

Alarmingly, the cybercriminals are not just stealing data to make money for the sake of it. McGuire suggests that their reinvestments include spending money to support other types of crime such as drug and human trafficking, and even terrorism. The report highlights one case where cybercrimes were committed specifically to generate more than $3.5 million for terrorist activities. Clearly, the need for cybersecurity is greater than ever, because the stakes have never been so high.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...