Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Cybercrime May Be the World's Third-Largest Economy by 2021

The underground economy is undergoing an industrialization wave and booming like never before.

As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.

That's why the World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other. 

Putting things into perspective: Walmart, which racks up America's greatest firm earnings, generated a mind-blowing $514 billion in revenue last year. Yet cybercrime earns 12 times that. Both sell a huge variety of products and services. In fact, in terms of earnings, cybercrime puts even Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart to shame. Their combined annual revenue totals "just" $1.28 trillion. 

The cybercrime markets have also split up into groups as the bad guys take pains to gather in secretive, exclusive discussion boards to avoid scrutiny from police and fraudsters. Their constantly evolving portfolio of cybercrime services includes everything from distributed denial-of-service (DDoS) attacks and malware to phishing campaigns, Trojans, and massive stolen data sets — all available to anyone who's willing to pay for them.

Cybercrime is undergoing an industrialization wave and offers everything that a regular legal company does: product development, technical support, distribution, quality assurance, and even customer service. Cybercriminals rob and then sell new technologies or secret strategic plans that will give their buyers an edge over their competitors. Hackers steal military secrets, renewable energy innovations, and more. 

Cybercrime Is a Team Effort
Cybercrime is a growing concern and also less risky than committing traditional crimes such as bank robbery. In fact, the WEF says that in the US, the likelihood of catching cybercrime actors and hauling them into court is estimated to be as low as 0.05%.

With a smoothly operating team flogging a broad set of services, cybercriminals can earn roughly 10% to 15% more than their traditional counterparts. But there are yawning gaps between the revenues that different hackers pull in. It depends on the job, the risk they incur, and how many people work for the organization. The top earners can rake in more than $2 million per year.

Some people imagine that the average hacker is a geeky teenager in a hoodie hiding out in a dark basement. Some of them might be this way, but today's cybercriminals are more polished: They do everything from recruit staff to appoint executives. Some groups even have public personas who ensure the hacker group maintains its sterling reputation. This is important on the Dark Web, where hackers transact most of their business.

The United Kingdom's National Cyber Security Centre (NCSC) has highlighted that organized cybercriminals have different roles to make their operations run smoothly. There are "team leaders" who coordinate the work and are responsible for staying one step ahead of the law. They guide the "data miners," the people who systemize stolen data; "coders" who write and alter malicious code; and "intrusion specialists," who infect and infiltrate target companies. Further, "call center agents" phone people and pretend to be computer support staff; their job is to install malware on the victim's computer. "Money specialists" launder money.

Most Popular: Ransomware and DDoS Extortion
According to Europol, exploit kits are no longer the top products, but their replacements are not proving to be as sophisticated or popular. Theft via malware has been declining as a threat; in its place, the cybercriminals of today use ransomware and DDoS extortion, which are easier to monetize.

For example, take booter services. These are mercenary DDoS soldiers who use large-scale botnets or manipulated cloud accounts to produce a malicious flood of data that stops IT cold. Their attacks can last for days and cost anywhere between $10 for a small attack to thousands of dollars for more complex jobs. They can be part of a ransom scheme, vandalism, or sabotage, or simply a way to disguise a multivector attack while occupying the victim's IT resources. The University of Cambridge has found that such assaults have become so common that their purchasers even include school-age children.

Europol's "Internet Organised Crime Threat Assessment 2019" report describes how DDoS attacks are one of the most serious threats facing global business. The preferred DDoS targets of criminals last year were banks and other financial institutions, public organizations such as police departments, and local governments. Travel agents, Internet infrastructure, and online gaming were also favorite victims. Some bad actors were arrested, but they failed to make a dent in the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.

A New Paradigm
Digital services are essential to organizations of all sizes, from small online shops to global giants. If services are annoyingly slow or offline for hours or even days, the firm's revenue and reputation will take a hit. Once, it took a while for news about this sort of disruption to get around, but those days are gone. Today, everyone knows everything almost instantly. That's why using botnets are cash cows for cybercriminals: They can use them in DDoS attacks to extort money from website owners by threatening attacks that will take out their services.

Awareness of this and other risks is growing, and more companies are spending on cyber-risk management. Nevertheless, the WEF says that cybersecurity spending is still far from what it needs to be, given the scale of the threat.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/14/2020 | 6:11:01 AM
Re: Pending Review
Foreign-originating hacking should be treated as an act of war. Industrial espionage and sabotage are the acts of spies. In war, spies are executed and don't go to trial. We need cyber bounty hunters. Until there is sufficient deterrence, they won't choose honest work.
User Rank: Apprentice
4/13/2020 | 6:30:54 PM
Sketchy Data for the $6T Number
I appreciate the intent behind the article, but candidly the WEF report references highly susptect data to come up with the $6T number.  The only source referenced in the WEF report is a Forbes contributor article that in turn references a security vendor report from an MSS provider.  I don't think of this forecast as reliable, scientific, or comprehensive.
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-24
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
PUBLISHED: 2021-02-24
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
PUBLISHED: 2021-02-24
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
PUBLISHED: 2021-02-24
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
PUBLISHED: 2021-02-24
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.