sb-nz logo
Story image

Cybercrime industry raking in $1.5 trillion profit - most from online markets

23 Apr 2018

How much are cybercriminals earning for their efforts? A new study by Bromium suggests that figure could be as much as US$2 million per job for those who are cybercriminal platform owners – although individual hackers can still walk away with US$30,000 per year.

The resulting cybercrime industry may be raking in as much as $1.5 trillion worth of illicit profits that are being acquired, laundered, spent, and reinvested. The industry is now an ‘interconnected Web of Profit’ – a self-sustaining system.

The study, conducted by the University of Surrey’s senior lecturer in criminology, Dr Michael McGuire, is based on conversations from the UK’s GHCQ, the US FBI, Europol, global financial institutions, and even covert security workers who infiltrated the dark web.

Illicit and illegal online markets make up the bulk of the $1.5 trillion economy ($860) billion; theft of trade secrets and IP is worth $500 billion; data trading is worth $160 billion; crimeware-as-a-service is worth $1.6 billion; and despite its prevalence, ransomware is only worth $1 billion.

McGuire calls cybercrime an economy: “A hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale.”

Cybercriminal platform owners will take the biggest share of the cybercrime actions. Managers can earn up to $2 million just with 50 stolen card details.

‘Platform capitalism’ has now extended beyond legitimate companies like Facebook and Amazon, and has now filtered down to the dark web to create the ‘Web of Profit’.

Bromium CEO Gregory Webb adds that the lines between criminal and ‘legitimate’ worlds are now blurring.

“We are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required,” Webb says.

Individual services and products available on the dark web include:

·       Zero-day Adobe exploits, up to $30,000

·       Zero-day iOS exploit, $250,000

·       Malware exploit kit, $200-$600 per exploit

·       Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year

·       Custom spyware, $200

·       SMS spoofing service, $20 per month

·       Hacker for hire, around $200 for a “small” hack

McGuire found a number of criminal sites offering ratings, descriptions, reviews, services, and customer support – all of which improve the criminal customer experience.

Advertising is also a core revenue generator -  before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone, the report says.

Dark web market AlphaBay was one of the dark web’s biggest online crime markets before it was taken down. The platform not only included cybercrime tools, but also illicit substances, firearms, counterfeit goods, and toxic chemicals.

“We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe,” McGuire notes.

Platform criminality is also contributing to human trafficking, the report suggests.

“Pimps frequently use the internet as a tool for gathering revenues from clients and workers, and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations,” McGuire concludes.

Story image
Data is more valuable to cyber attackers than cash - report
Data theft was the goal of more than half of all attacks in 2019, according to PT. This is a 20 percentage point increase compared to 2018 when data theft was the goal of only 30% of incidents. More
Story image
Interview: ManageEngine's VP says legacy remote solutions aren't cutting it
Techday spoke with ManageEngine vice president Rajesh Ganesan on the company’s solutions to the rapid changes and issues facing workforces around the globe as millions upon millions pack up their offices and work from home.More
Story image
Microsoft Teams announces commitment to privacy in wake of Zoom woes
Microsoft 365 corporate vice president Jared Spataro says the Teams platform already has strong security and privacy policies in place, and committed to upholding them throughout this era of uncertainty.More
Story image
Interview: Ping Identity exec on why security system updates are critical during COVID-19
Techday spoke with Ping Identity country manager for A/NZ and Japan, Ashley Diffey, on how zero-trust is favourable over perimeter-based security, and what the changes in work mean for businesses in a post-COVID-19 world.More
Story image
PMT Security launches body-temp scanning solution for enterprise, Seadan to distribute
"It was a no-brainer for us to choose our trusted partners Seadan. We engaged and took advice from them during the decision-making process to find the best UNV product to bring to market."More
Story image
Interview: Aura GM on security implications for enterprise during and post-pandemic
Techday spoke with Aura Information Security general manager Peter Bailey on what this new normal means for cybersecurity, and its potential lasting effect on organisations.More