

10:30 AM
Marc Wilczek

Cybercrime Is Skyrocketing as the World Goes Digital

If cybercrime were a country, it would have the 13th highest GDP in the world.

Worldwide, cybercriminals rake in at least $1.5 trillion every year — an amount equal to Russia's gross domestic product (GDP), according to research conducted by Dr. Michael McGuire, senior lecturer in criminology at Surrey University, and commissioned by security firm Bromium. In fact, if cybercrime were a country, it would have the 13th highest GDP in the world. McGuire's revenue figure includes estimated earnings of $860 billion from illicit or illegal online markets, $500 billion from intellectual property theft, $160 billion from data trading, $1.6 billion from crimeware-as-a-service, and $1 billion from ransomware. The research presents evidence that cybercrime revenues often exceed those of legitimate small to midrange companies.

In fact, the global crime economy has become a self-perpetuating organism — an interlinked web of profit where the boundary between the legitimate and illegitimate is often unclear. The McGuire report notes the emergence of platform criminality, which is similar to the business model used by companies like Uber and Amazon and whose stock in trade is data. The report also red-flags the new modes of criminality that these platforms enable, noting that they allow illicit monies to be directed to more widespread criminal activities such as human trafficking, drug production and distribution, and even terrorism.

The World Goes Digital, and so Does Crime
Cybercrime is now a profitable underground economy. The fabled "darknet" provides the platform for transactions, the place where demand meets supply. The evolving cybercrime-as-a-service model offers everything from distributed denial-of-service attacks and malware to shiploads of stolen data sets on demand. Today, engaging in cybercrime is as simple as legitimate e-commerce.

Meanwhile, making matters worse, legitimate enterprises depend ever more heavily on the availability and performance of their IT infrastructure, which makes them more vulnerable to breaches that can wreak havoc on business. A few errant clicks by a clueless or malicious employee can take an organization offline or flood it with malware.

For those who know how, it is relatively simple to access the tools, services, and expertise of the cybercriminal. As a result, it's certain that both enterprises and governments will see more sophisticated, costly, and disruptive attacks — and that the problem won't be solved with old thinking or legacy technology. It will require fresh, more intelligent, and nimble approaches.

Platform Criminality Is Emerging
Interestingly, McGuire's report describes a growing interconnectedness and interdependence between the illegitimate and legitimate economies, something he calls the "Web of Profit." He contends that "companies and nation states now make money from this Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control."

He continues: "There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime, albeit unwittingly, in most cases."

The emergence of platform criminality — which mimics the platform capitalism typified by companies like Amazon, Facebook, and Uber — offers fertile ground for hackers to further increase their ill-gotten gains. The report raises concerns that platform criminality is funding broader criminal activities such as human trafficking, drug production and distribution, and even terrorism.

According to the report, whether it's through hacking companies to steal users or personal data, distribute malware, flog illegal goods and services, establish fake shopfronts to launder money, or simply connect buyers and sellers, cybercriminals are clearly adept at leveraging existing platforms for commercial gain.

"This is creating a kind of 'monstrous double' of the legitimate information economy — where data is king," writes McGuire. "The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it."

Post-Crime Reality and Terrorism
"We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005," adds McGuire. "Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs."

The report shows that cybercriminal platform owners are likely to receive the biggest benefits from this new wave of cybercrime, and that they will probably distance themselves from the actual crimes. In fact, individual hackers may only earn a paltry $30,000 a year. In contrast, a trader can earn up to $2 million if they have just 50 stolen card details at their disposal.

McGuire refers to this as "post-crime" reality, one in which cybercriminals adopt a "platform capitalism" approach to selling, rather than committing, crime.

In fact, McGuire unearthed criminal websites that provide ratings, descriptions, reviews, services, and even technical and customer support. These platforms are making the criminal "customer experience" better and providing easy access to services and products that support crime on a global scale.

Strangely enough, criminal organizations themselves are also undergoing digital transformation and diversifying into new types of crime. McGuire claims that many of the larger known cybercrime operations typically reinvest revenues into expanding their operations — such as buying more crime software, maintaining a website, paying mules, or other criminal requirements. They invest approximately 20% of their revenues into further crime, which suggests that up to $300 billion may be funding future cybercrime and other serious criminal activities.

Alarmingly, the cybercriminals are not just stealing data to make money for the sake of it. McGuire suggests that their reinvestments include spending money to support other types of crime such as drug and human trafficking, and even terrorism. The report highlights one case where cybercrimes were committed specifically to generate more than $3.5 million for terrorist activities. Clearly, the need for cybersecurity is greater than ever, because the stakes have never been so high.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
