sb-au logo
Story image

Cybercrime industry raking in $1.5 trillion profit - most from online markets

23 Apr 2018

How much are cybercriminals earning for their efforts? A new study by Bromium suggests that figure could be as much as US$2 million per job for those who are cybercriminal platform owners – although individual hackers can still walk away with US$30,000 per year.

The resulting cybercrime industry may be raking in as much as $1.5 trillion worth of illicit profits that are being acquired, laundered, spent, and reinvested. The industry is now an ‘interconnected Web of Profit’ – a self-sustaining system.

The study, conducted by the University of Surrey’s senior lecturer in criminology, Dr Michael McGuire, is based on conversations from the UK’s GHCQ, the US FBI, Europol, global financial institutions, and even covert security workers who infiltrated the dark web.

Illicit and illegal online markets make up the bulk of the $1.5 trillion economy ($860) billion; theft of trade secrets and IP is worth $500 billion; data trading is worth $160 billion; crimeware-as-a-service is worth $1.6 billion; and despite its prevalence, ransomware is only worth $1 billion.

McGuire calls cybercrime an economy: “A hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale.”

Cybercriminal platform owners will take the biggest share of the cybercrime actions. Managers can earn up to $2 million just with 50 stolen card details.

‘Platform capitalism’ has now extended beyond legitimate companies like Facebook and Amazon, and has now filtered down to the dark web to create the ‘Web of Profit’.

Bromium CEO Gregory Webb adds that the lines between criminal and ‘legitimate’ worlds are now blurring.

“We are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required,” Webb says.

Individual services and products available on the dark web include:

·       Zero-day Adobe exploits, up to $30,000

·       Zero-day iOS exploit, $250,000

·       Malware exploit kit, $200-$600 per exploit

·       Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year

·       Custom spyware, $200

·       SMS spoofing service, $20 per month

·       Hacker for hire, around $200 for a “small” hack

McGuire found a number of criminal sites offering ratings, descriptions, reviews, services, and customer support – all of which improve the criminal customer experience.

Advertising is also a core revenue generator -  before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone, the report says.

Dark web market AlphaBay was one of the dark web’s biggest online crime markets before it was taken down. The platform not only included cybercrime tools, but also illicit substances, firearms, counterfeit goods, and toxic chemicals.

“We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe,” McGuire notes.

Platform criminality is also contributing to human trafficking, the report suggests.

“Pimps frequently use the internet as a tool for gathering revenues from clients and workers, and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations,” McGuire concludes.

Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Five security challenges for the Enterprise of Things
Many enterprise networks aren't adequately managed, creating risk for businesses that don’t have full visibility into all of the devices on their network, writes Forescout regional director for A/NZ Rohan Langdon.More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More