Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Cybercrime's Most Lucrative CareersCybercrime's Most Lucrative Careers
Crime pays. Really well. Here's a look at just how much a cybercriminal can earn in a month.
December 31, 2019
The Dark Web is a bustling market and economic engine. Just ask the cybercriminals who are making excellent money selling wares and finding work there.
"Into the Web of Profit," a study released earlier this year by Dr. Michael McGuire at the University of Surrey, also backs that up. The study examines what is being sold on the Dark Web. Categories of goods include credit card information, login credentials to financial accounts, stolen subscription credentials, and usernames and passwords of all kinds.
Also available: services and jobs, according to Alex Guirakhoo, strategy and research analyst at Digital Shadows.
"In February 2019, the threat group TheDarkOverlord was seen advertising monthly payments of over $60,000 to tempt recruits willing to join their extortion schemes," Guirakhoo says.
So how much does cybercrime pay? A separate study, also conducted by McGuire, dives into the details of how much cybercriminals earn. McGuire interviewed 50 convicted or active cybercriminals, and spoke with dozens of experts from law enforcement, financial institutions, and IT security companies. Total cybercrime revenues are around $1.5 trillion, he found. And the cybercriminals earning the most are making as much as much as $2 million a year.
Yes, you read that right. The highest earners take home more than $167,000 a month. Lower wages hover around 75,000 a month. And as Guirakhoo notes, certain skills net a better income.
"Technical skills are always in high demand," he says. "Job offers for developers of malware, like ransomware, remote access Trojans, or banking Trojans are common sights on criminal forums. Much like real-world jobs, wages can be even higher based on technical and language skills, and cybercriminal recruiters have also offered bonuses to those with a proven tenure."
The Most Profitable Markets And Services
McGuire's "Web of Profit" report details not only how much money cybercrime can net, but which markets are the most lucrative. Here's how profits break down by criminal venture:
Illegal online markets: $860 billion
Trade secret, IP theft: $500 billion
Data trading: $160 billion
Crimeware/Cybercrime-as-a-Service (CaaS): $1.6 billion
Ransomware: $1 billion
While ransomware is at the bottom of the list, Digital Shadows' research shows it's one to keep a watch on, Guirakhoo says.
"Due to its popularity, ransomware is definitely one of the more lucrative cybercriminal gigs out there," he explains."These attacks have become much more targeted. Attackers are going after the organizations they know are most vulnerable and most likely to meet ransom demands."
Guirakhoo also points to ransomware-as-a-service, or RaaS, as a way experienced cybercriminals are monetizing their skills, "without doing a lot of the dirty work themselves," he says. "GandCrab is a great example of this. The developers of the wildly popular RaaS closed up shop this past May, citing profits of $2 billion, although the accuracy of their claims is debatable."
Falling Out of Favor
What's not so hot anymore? Exploit kits, which is a type of toolkit that can be used to engineer attacks on systems in order to distribute malware or perform other malicious activities.
"Black hat exploit kit development is something that we haven't seen too much of recently," Guirakhoo says. "This aligns with the downward trend of the use of exploit kits in general. People will flock to what is most popular and profitable."
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Human-Centric Security Model Meets People Where They AreDec 07, 2023
Name That Edge Toon: On Your Mark...Dec 01, 2023
10 Holiday Gifts for Stressed-Out Security ProsNov 30, 2023
Cyber Threats to Watch Out for in 2024Nov 28, 2023