Cybercrime Economy Generates $1.5 Trillion a Year

  /     /     /  
Publicated : 22/11/2024   Category : security


Cybercrime Economy Generates $1.5 Trillion a Year


Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrimes web of profit.



RSA CONFERENCE 2018 – San Francisco – If cybercrime was a country, it would have the 13
th
highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.
Into the Web of Profit, among the first studies to explore the intricacies of revenue and profit in the world of cybercrime, was conducted by Dr. Michael McGuire, senior lecturer in Criminology at Englands University of Surrey. Over nine months of study, he learned how the economy of cybercrime sustains itself and overlaps with the legitimate economy.
This wasnt the original intent behind the Bromium-sponsored study, which began with the idea of learning where cybercriminals spend their money. It turned into a huge piece of research, which looks at the whole of how money flows around the cybercrime system, says McGuire. The report pieces together conversations with global organizations, security workers who have infiltrated the Dark Web, international police forces, and of course, the criminals themselves.
His study indicates a rise in platform criminality similar to the platform capitalism model in which data is the commodity, used by organizations including Amazon and Facebook. This platform turns malware into a product, simplifies purchase of illicit tools and services, and enables broader criminal activities including drug production, human trafficking, and terrorism.
More than 620 new synthetic drug types have appeared on the market since 2005, McGuire says. Many are created in China or India, purchased online, and sent to Europe in bulk. Evidence shows groups earning revenue from cybercrime are also involved in drug production, he
found
. The takedown of Dark Web online market Alphabay led to the discovery of listings for illegal drugs, toxic chemicals, malware, and stolen and fraudulent data.
The $1.5 trillion that cybercriminals generate each year includes $860 billion in illicit online markets, $500B in theft of trade secrets and intellectual property, $160B in data trading, $1.6B in crimeware-as-a-service, and $1B in ransomware. Evidence indicates cybercrime often generates more revenue than legitimate companies: large multi-national operations can earn more than $1B; smaller ones typically make between $30k-$50K.
Its time to move behind the idea that cybercrime is like a business. Its much, much more than that, he says. Its like an economy which mirrors the legitimate economy. Increasingly, what were seeing is the legitimate economy feeding off the cybercrime economy.
Blurring the Legal Lines
The interdependence between the legitimate and illegitimate economies is driving the web of profit fueling cybercrime, McGuire says. Criminal organizations take data and competitive advantages from real companies and luse them to accomplish their goals. Part of the problem is, many of these legitimate organizations dont know their role in furthering cybercrime.
Companies like Facebook and Uber are rich with data, making them a prime target for attackers seeking user information and intellectual property. They give hackers a platform to sell illicit goods and services, and set up fake shops to launder money or connect buyers and sellers. This makes massive companies facilitators in a criminally driven economy.
The owners of cybercrime platforms are the biggest earners, McGuire found. Each hacker might only make $30K per year; however, managers can earn up to $2M per job with as few as 50 stolen credit cards. They arent committing crime but they are selling it, and their criminal platforms have evolved to offer services, descriptions, and technical support for their buyers.
McGuire shares some of the numbers behind these earnings. A zero-day Adobe exploit, for example, can sell for up to $30K while a zero-day iOS exploit costs $250K. Malware exploit kits cost about $200-600 per exploit; a blackhole exploit kit costs $700 to lease for a month or $1,500 for a full year. Custom spyware costs $200, an SMS-spoofing service runs $20 per month, and a hacker for hire will charge about $200 for a minor hack.
Much of the money is reinvested in new criminal ventures. Criminals put about 20% of their revenues into additional crime, indicating up to $300B is used to drive illegal activity.
Related Content:
8 Ways Hackers Monetize Stolen Data
Trust: The Secret Ingredient to DevSecOps Success
At RSAC, SOC Sees User Behaviors
Biometrics Are Coming & So Are Security Concerns

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cybercrime Economy Generates $1.5 Trillion a Year