Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Cybercrime May Be the World's Third-Largest Economy by 2021

The underground economy is undergoing an industrialization wave and booming like never before.

As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.

That's why the World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other. 

Putting things into perspective: Walmart, which racks up America's greatest firm earnings, generated a mind-blowing $514 billion in revenue last year. Yet cybercrime earns 12 times that. Both sell a huge variety of products and services. In fact, in terms of earnings, cybercrime puts even Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart to shame. Their combined annual revenue totals "just" $1.28 trillion. 

The cybercrime markets have also split up into groups as the bad guys take pains to gather in secretive, exclusive discussion boards to avoid scrutiny from police and fraudsters. Their constantly evolving portfolio of cybercrime services includes everything from distributed denial-of-service (DDoS) attacks and malware to phishing campaigns, Trojans, and massive stolen data sets — all available to anyone who's willing to pay for them.

Cybercrime is undergoing an industrialization wave and offers everything that a regular legal company does: product development, technical support, distribution, quality assurance, and even customer service. Cybercriminals rob and then sell new technologies or secret strategic plans that will give their buyers an edge over their competitors. Hackers steal military secrets, renewable energy innovations, and more. 

Cybercrime Is a Team Effort
Cybercrime is a growing concern and also less risky than committing traditional crimes such as bank robbery. In fact, the WEF says that in the US, the likelihood of catching cybercrime actors and hauling them into court is estimated to be as low as 0.05%.

With a smoothly operating team flogging a broad set of services, cybercriminals can earn roughly 10% to 15% more than their traditional counterparts. But there are yawning gaps between the revenues that different hackers pull in. It depends on the job, the risk they incur, and how many people work for the organization. The top earners can rake in more than $2 million per year.

Some people imagine that the average hacker is a geeky teenager in a hoodie hiding out in a dark basement. Some of them might be this way, but today's cybercriminals are more polished: They do everything from recruit staff to appoint executives. Some groups even have public personas who ensure the hacker group maintains its sterling reputation. This is important on the Dark Web, where hackers transact most of their business.

The United Kingdom's National Cyber Security Centre (NCSC) has highlighted that organized cybercriminals have different roles to make their operations run smoothly. There are "team leaders" who coordinate the work and are responsible for staying one step ahead of the law. They guide the "data miners," the people who systemize stolen data; "coders" who write and alter malicious code; and "intrusion specialists," who infect and infiltrate target companies. Further, "call center agents" phone people and pretend to be computer support staff; their job is to install malware on the victim's computer. "Money specialists" launder money.

Most Popular: Ransomware and DDoS Extortion
According to Europol, exploit kits are no longer the top products, but their replacements are not proving to be as sophisticated or popular. Theft via malware has been declining as a threat; in its place, the cybercriminals of today use ransomware and DDoS extortion, which are easier to monetize.

For example, take booter services. These are mercenary DDoS soldiers who use large-scale botnets or manipulated cloud accounts to produce a malicious flood of data that stops IT cold. Their attacks can last for days and cost anywhere between $10 for a small attack to thousands of dollars for more complex jobs. They can be part of a ransom scheme, vandalism, or sabotage, or simply a way to disguise a multivector attack while occupying the victim's IT resources. The University of Cambridge has found that such assaults have become so common that their purchasers even include school-age children.

Europol's "Internet Organised Crime Threat Assessment 2019" report describes how DDoS attacks are one of the most serious threats facing global business. The preferred DDoS targets of criminals last year were banks and other financial institutions, public organizations such as police departments, and local governments. Travel agents, Internet infrastructure, and online gaming were also favorite victims. Some bad actors were arrested, but they failed to make a dent in the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.

A New Paradigm
Digital services are essential to organizations of all sizes, from small online shops to global giants. If services are annoyingly slow or offline for hours or even days, the firm's revenue and reputation will take a hit. Once, it took a while for news about this sort of disruption to get around, but those days are gone. Today, everyone knows everything almost instantly. That's why using botnets are cash cows for cybercriminals: They can use them in DDoS attacks to extort money from website owners by threatening attacks that will take out their services.

Awareness of this and other risks is growing, and more companies are spending on cyber-risk management. Nevertheless, the WEF says that cybersecurity spending is still far from what it needs to be, given the scale of the threat.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
4/13/2020 | 6:30:54 PM
Sketchy Data for the $6T Number
I appreciate the intent behind the article, but candidly the WEF report references highly susptect data to come up with the $6T number.  The only source referenced in the WEF report is a Forbes contributor article that in turn references a security vendor report from an MSS provider.  I don't think of this forecast as reliable, scientific, or comprehensive.
User Rank: Apprentice
4/14/2020 | 6:11:01 AM
Re: Pending Review
Foreign-originating hacking should be treated as an act of war. Industrial espionage and sabotage are the acts of spies. In war, spies are executed and don't go to trial. We need cyber bounty hunters. Until there is sufficient deterrence, they won't choose honest work.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/13/2020
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-19
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and settin...
PUBLISHED: 2020-10-19
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administr...
PUBLISHED: 2020-10-19
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic...
PUBLISHED: 2020-10-19
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic...
PUBLISHED: 2020-10-19
A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.