Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Cybercrime May Be the World's Third-Largest Economy by 2021

The underground economy is undergoing an industrialization wave and booming like never before.

As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.

That's why the World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other. 

Putting things into perspective: Walmart, which racks up America's greatest firm earnings, generated a mind-blowing $514 billion in revenue last year. Yet cybercrime earns 12 times that. Both sell a huge variety of products and services. In fact, in terms of earnings, cybercrime puts even Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart to shame. Their combined annual revenue totals "just" $1.28 trillion. 

The cybercrime markets have also split up into groups as the bad guys take pains to gather in secretive, exclusive discussion boards to avoid scrutiny from police and fraudsters. Their constantly evolving portfolio of cybercrime services includes everything from distributed denial-of-service (DDoS) attacks and malware to phishing campaigns, Trojans, and massive stolen data sets — all available to anyone who's willing to pay for them.

Cybercrime is undergoing an industrialization wave and offers everything that a regular legal company does: product development, technical support, distribution, quality assurance, and even customer service. Cybercriminals rob and then sell new technologies or secret strategic plans that will give their buyers an edge over their competitors. Hackers steal military secrets, renewable energy innovations, and more. 

Cybercrime Is a Team Effort
Cybercrime is a growing concern and also less risky than committing traditional crimes such as bank robbery. In fact, the WEF says that in the US, the likelihood of catching cybercrime actors and hauling them into court is estimated to be as low as 0.05%.

With a smoothly operating team flogging a broad set of services, cybercriminals can earn roughly 10% to 15% more than their traditional counterparts. But there are yawning gaps between the revenues that different hackers pull in. It depends on the job, the risk they incur, and how many people work for the organization. The top earners can rake in more than $2 million per year.

Some people imagine that the average hacker is a geeky teenager in a hoodie hiding out in a dark basement. Some of them might be this way, but today's cybercriminals are more polished: They do everything from recruit staff to appoint executives. Some groups even have public personas who ensure the hacker group maintains its sterling reputation. This is important on the Dark Web, where hackers transact most of their business.

The United Kingdom's National Cyber Security Centre (NCSC) has highlighted that organized cybercriminals have different roles to make their operations run smoothly. There are "team leaders" who coordinate the work and are responsible for staying one step ahead of the law. They guide the "data miners," the people who systemize stolen data; "coders" who write and alter malicious code; and "intrusion specialists," who infect and infiltrate target companies. Further, "call center agents" phone people and pretend to be computer support staff; their job is to install malware on the victim's computer. "Money specialists" launder money.

Most Popular: Ransomware and DDoS Extortion
According to Europol, exploit kits are no longer the top products, but their replacements are not proving to be as sophisticated or popular. Theft via malware has been declining as a threat; in its place, the cybercriminals of today use ransomware and DDoS extortion, which are easier to monetize.

For example, take booter services. These are mercenary DDoS soldiers who use large-scale botnets or manipulated cloud accounts to produce a malicious flood of data that stops IT cold. Their attacks can last for days and cost anywhere between $10 for a small attack to thousands of dollars for more complex jobs. They can be part of a ransom scheme, vandalism, or sabotage, or simply a way to disguise a multivector attack while occupying the victim's IT resources. The University of Cambridge has found that such assaults have become so common that their purchasers even include school-age children.

Europol's "Internet Organised Crime Threat Assessment 2019" report describes how DDoS attacks are one of the most serious threats facing global business. The preferred DDoS targets of criminals last year were banks and other financial institutions, public organizations such as police departments, and local governments. Travel agents, Internet infrastructure, and online gaming were also favorite victims. Some bad actors were arrested, but they failed to make a dent in the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.

A New Paradigm
Digital services are essential to organizations of all sizes, from small online shops to global giants. If services are annoyingly slow or offline for hours or even days, the firm's revenue and reputation will take a hit. Once, it took a while for news about this sort of disruption to get around, but those days are gone. Today, everyone knows everything almost instantly. That's why using botnets are cash cows for cybercriminals: They can use them in DDoS attacks to extort money from website owners by threatening attacks that will take out their services.

Awareness of this and other risks is growing, and more companies are spending on cyber-risk management. Nevertheless, the WEF says that cybersecurity spending is still far from what it needs to be, given the scale of the threat.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/14/2020 | 6:11:01 AM
Re: Pending Review
Foreign-originating hacking should be treated as an act of war. Industrial espionage and sabotage are the acts of spies. In war, spies are executed and don't go to trial. We need cyber bounty hunters. Until there is sufficient deterrence, they won't choose honest work.
User Rank: Apprentice
4/13/2020 | 6:30:54 PM
Sketchy Data for the $6T Number
I appreciate the intent behind the article, but candidly the WEF report references highly susptect data to come up with the $6T number.  The only source referenced in the WEF report is a Forbes contributor article that in turn references a security vendor report from an MSS provider.  I don't think of this forecast as reliable, scientific, or comprehensive.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.