Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/20/2018
08:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Cybercrime Economy Generates $1.5 Trillion a Year

Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'

RSA CONFERENCE 2018 – San Francisco – If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.

"Into the Web of Profit," among the first studies to explore the intricacies of revenue and profit in the world of cybercrime, was conducted by Dr. Michael McGuire, senior lecturer in Criminology at England's University of Surrey. Over nine months of study, he learned how the "economy" of cybercrime sustains itself and overlaps with the legitimate economy.

This wasn't the original intent behind the Bromium-sponsored study, which began with the idea of learning where cybercriminals spend their money. "It turned into a huge piece of research, which looks at the whole of how money flows around the cybercrime system," says McGuire. The report pieces together conversations with global organizations, security workers who have infiltrated the Dark Web, international police forces, and of course, the criminals themselves.

His study indicates a rise in "platform criminality" similar to the platform capitalism model in which data is the commodity, used by organizations including Amazon and Facebook. This platform turns malware into a product, simplifies purchase of illicit tools and services, and enables broader criminal activities including drug production, human trafficking, and terrorism.

More than 620 new synthetic drug types have appeared on the market since 2005, McGuire says. Many are created in China or India, purchased online, and sent to Europe in bulk. Evidence shows groups earning revenue from cybercrime are also involved in drug production, he found. The takedown of Dark Web online market Alphabay led to the discovery of listings for illegal drugs, toxic chemicals, malware, and stolen and fraudulent data.

The $1.5 trillion that cybercriminals generate each year includes $860 billion in illicit online markets, $500B in theft of trade secrets and intellectual property, $160B in data trading, $1.6B in crimeware-as-a-service, and $1B in ransomware. Evidence indicates cybercrime often generates more revenue than legitimate companies: large multi-national operations can earn more than $1B; smaller ones typically make between $30k-$50K.

It's time to move behind the idea that cybercrime is like a business. "It's much, much more than that," he says. "It's like an economy which mirrors the legitimate economy. Increasingly, what we're seeing is the legitimate economy feeding off the cybercrime economy."

Blurring the Legal Lines

The interdependence between the legitimate and illegitimate economies is driving the "web of profit" fueling cybercrime, McGuire says. Criminal organizations take data and competitive advantages from real companies and luse them to accomplish their goals. Part of the problem is, many of these legitimate organizations don't know their role in furthering cybercrime.

Companies like Facebook and Uber are rich with data, making them a prime target for attackers seeking user information and intellectual property. They give hackers a platform to sell illicit goods and services, and set up fake shops to launder money or connect buyers and sellers. This makes massive companies facilitators in a criminally driven economy.

The owners of cybercrime platforms are the biggest earners, McGuire found. Each hacker might only make $30K per year; however, managers can earn up to $2M per job with as few as 50 stolen credit cards. They aren't committing crime but they are selling it, and their criminal platforms have evolved to offer services, descriptions, and technical support for their buyers.

McGuire shares some of the numbers behind these earnings. A zero-day Adobe exploit, for example, can sell for up to $30K while a zero-day iOS exploit costs $250K. Malware exploit kits cost about $200-600 per exploit; a blackhole exploit kit costs $700 to lease for a month or $1,500 for a full year. Custom spyware costs $200, an SMS-spoofing service runs $20 per month, and a "hacker for hire" will charge about $200 for a minor hack.

Much of the money is reinvested in new criminal ventures. Criminals put about 20% of their revenues into additional crime, indicating up to $300B is used to drive illegal activity.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.