Cybercrime Pays: New study finds cybercriminal revenues hit $1.5 TRILLION annually
A new study commissioned by Bromium examined new criminality platforms and the booming cybercrime economy
A new study, commissioned by Bromium and presented by Dr. Michael McGuire at RSA, has found that the cybercrime economy has grown to $1.5 trillion annually. That’s $1.5 TRILLION US dollars in illicit profits.
The study, which was one of the first of its kind, aimed to examine the “dynamics of cybercrime” in the context of revenue flow and profit distribution. Over the course of nine months, Dr. McGuire, working in his capacity as a senior lecturer in Criminology at Surrey University, conducted interviews with convicted cybercriminals, analyzed data from international law enforcement operations and financial institutions, and conducted covert observations on the Dark Web. What Dr. McGuire found was a burgeoning industry, where the professionalization of cybercrime has become commonplace. This cybercrime economy is self-sufficient and blurs the lines of legality.
“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become,” commented Gregory Webb, CEO of Bromium. “The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can’t solve this problem using old thinking or outmoded technology. It’s time for new approaches.”
Conservative estimates in The Web of Profit research show cybercriminal revenues worldwide of at least $1.5 trillion
If you’re keeping track at home, $1.5 trillion is roughly equivalent to the GDP of Russia. Just let that sink in for a second. In fact, if Cybercrime were a country – run by President Guccifer 2.0 – it would have the 13th highest GDP in the world.
Breaking down that $1.5 trillion figure a little more, we can see how profitable some of these illicit activities actually are:
- $860 billion – Illicit/illegal online markets
- $500 billion – Theft of trade secrets/IP
- $160 billion – Data trading
- $1.6 billion – Crimeware-as-a-Service
- $1 billion – Ransomware
The report finds that cybercrime functions on a number of levels, with some large “enterprise” style operations netting well over $1 billion while SME-style outfits made between $30,000 and $50,000. But Dr. McGuire was quick to caution against calling cybercrime operations analogous to businesses, instead preferring to describe cybercrime as an economy.
“A hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale.”
The rise of “Platform Criminality” is creating a “Monstrous Double” of the legitimate information economy
One of the newest trends in cybercrime is the move towards “Platform Criminality” wherein the facilitation of cybercrime, as opposed to the performance of the act itself, is the truly lucrative proposition.
Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground for hackers to further their gains. Whether by hacking companies to acquire user data and intellectual property, disseminating malware, selling illegal goods and services, setting up fake shop fronts to launder money, or simply connecting buyers and sellers, it is evident that cybercriminals are adept at manipulating existing platforms for commercial gain. Yet beyond platforms being the targets and unwitting enablers of cybercrime, the report suggests they have provided inspiration – as a model of platform criminality emerges.
Per Dr. McGuire, “the main contribution of platforms is to connect individuals with a service or product.” While an individual hacker may only make upwards of $30,000 per year, a manager on a cybercrime platform can make $2M per job. McGuire found numerous examples of services and products for sale on these various platforms (some examples are below). There’s even “Customer Service,” a fact made even more absurd when you contrast it with the fact that you practically have to hire a Private Investigator just to find a phone number to reach Google or Facebook.
- Zero-day Adobe exploits, up to $30,000
- Zero-day iOS exploit, $250,000
- Malware exploit kit, $200-$600 per exploit
- Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year
- Custom spyware, $200
- SMS spoofing service, $20 per month
- Hacker for hire, around $200 for a “small” hack
Not that this should surprise anyone, but these trends show no signs of slowing down. Cybercrime is a rapidly evolving industry, and everything about it – from the ways it’s perpetrated to the methods used to facilitate it – is growing more sophisticated. In 2018, the cybercrime economy is worth $1.5 trillion.
Ten years from now… who knows?