New criminal platforms and a booming cybercrime economy have resulted in $1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by attackers.
This was one of the findings of a study commissioned by Bromium, a virtualisation-based endpoint security company. Called ‘Into the Web of Profit', the study was conducted by Dr Mike McGuire, senior lecturer in criminology at Surrey University, and draws from first-hand interviews with convicted cybercriminals, data from international law enforcement agencies, financial institutions, and covert observations conducted across the dark Web.
According to Bromium, the study is one of the first studies to examine the dynamics of cybercrime by scrutinising revenue flow and profit distribution, instead of the mechanisms of cybercrime alone.
It looks at the cybercrime-based economy and the professionalisation of cybercrime. "This economy has become a self-sustaining system, an interconnected Web of profit that blurs the lines between the legitimate and illegitimate."
The research shows cybercriminal revenues worldwide of at least $1.5 trillion, the same as the GDP of Russia, a number Bromium calls a ‘conservative estimate'. "If cybercrime was a country, it would have the 13th highest GDP in the world."
This figure includes $860 billion made from illicit or illegal online markets, $500 billion from theft of trade secrets and intellectual property, $160 billion in data trading, $1.6 billion for Crimeware-as-a-Service, and $1 billion from ransomware.
According to the report, the dark economy is made up of a variety of operations, from large ‘multinational' operations that rake in profits of over $1 billion, to SME-style entities where profits of between $300 00 and $50 000 are expected.
In addition, the research revealed an emergence of ‘platform criminality', mirroring the platform capitalism model employed by businesses such as Uber and Amazon, where data itself is the commodity. New criminality models are enabled by these platforms, which, in turn, fund broader scourges such as human trafficking, drugs and terrorism.
Gregory Webb, CEO of Bromium, says the report delivered ‘shocking insight' into how profitable and widespread cybercrime really is.
"The platform criminality model is productising malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise, it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks."
The report also suggests that cybercrime shouldn't be strictly compared to business, as by nature it is more like an economy, with a ‘hyper-connected range of economic agents, economic relationships and other factors' that work together to generate, support and maintain criminal revenues at an ‘unprecedented scale', says McGuire.
Because legitimate businesses and nation states are now profiting from cybercrime, the study believes there is now an interdependence between the legitimate and illegitimate economies. Organisations are acquiring data and competitive advantage from the dark economy, and using it as a tool for strategy, global advancement and social control, says Bromium.
"There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases)," says McGuire.
Ilia Kolochenko, CEO of web security company High-Tech Bridge, says the report is 100% right in saying that cybercrime has become a highly profitable and sustainable business that no government can hope to control.
However, he suggests that it may have missed some figures, because the most serious cybercrimes, such as nation-state attacks or offensive operations from large conglomerates against competitors, are rarely detected, yet alone exposed.
"Publicly accessible platforms in the dark Web have a lot of scam and fake ads intertwined with law enforcement honeypots, too," adds Kolochenko.
And he says the fight against cybercrime isn't getting easier. "Professional Black Hats usually have inconspicuous private platforms, lawfully hosted in AWS or Azure, with full encryption of all data. You cannot get access unless you are a long-standing and verified partner.
"Nothing is less certain than global cybercrime size and volume," concludes Kolochenko.