Ransomware, stolen data or malware: How do online crooks really make their money?

The cybercrime economy has "now become a kind of mirror image of contemporary capitalism", says paper.
Written by Danny Palmer, Senior Writer

The cybercriminal economy has hit global revenues of $1.5 trillion a year, according to a study which shows the vast scale of cybercrime and how profits are acquired, laundered, spent and reinvested.

A nine-month long investigation into cybercriminal activity warns that actions by criminals on the dark web and beyond should be classed as an economy in its own right in order to account for the vast web of activity and actors involved.

"The metaphor of 'cybercrime as a business' is no longer adequate to capture its complexities," says the Into the Web of Profit report, commissioned by Bromium and conducted by the University of Surrey.

"A more appropriate metaphor is an economy, not a business; a structure functioning as a literal "Web of Profit" - a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting and maintaining criminal revenues at unprecedented scale."

Such is the extent of the economic model around cybercrime, the report suggests that it has "now become a kind of mirror image of contemporary capitalism" complete with disruptive business models.

"The main contribution of platforms is to connect individuals with a service or product - the platforms produce nothing themselves in this process, but the users provide platforms with the most precious of all commodities within an information-based economy - their data," said Dr. Michael McGuire, senior lecturer of criminality at the University of Surrey and lead researcher of the report.

The success of these platforms has helped the cybercriminal economy generate at least $1.5 trillion in revenue a year. Illegal online markets, selling items like drugs, illegal pharmaceuticals and counterfeit goods, account for about half of the total revenue - $860 billion.

Pilfering of trade secrets and IP theft is said to account for just over a third of cybercriminal revenue, with a value of $500 billion.

However, there's still plenty of revenue being generated by lower-level cybercrime - the use and sale of stolen data as an object of commerce is described as a "vibrant part of the cybercrime economy" and accounts for 11 percent - or $160 billion - of total revenues. While the revenues are lower than selling items or trade secrets, it's a lower-risk activity and thus more attractive to some than original theft.

The likes of cybercrime-as-a-service and malware distribution bring in some of the lowest revenues of the criminal economy - accounting for $1.6 billion in revenue - but represent high yield options for individual cybercriminals.

Ransomware also falls into this model, accounting for $1 billion in revenue in its own right, and something individuals can easily profit from.

"Certainly, the claim that ransomware represents one of the most lucrative cybercrimes may hold in the case of individual attacks, but the overall revenues remain low in comparison to other categories," says the report.

As increasing profits are made from cybercrime, those operating in this sphere require ever-more complex ways of laundering the funds. The report suggests that, of the estimated £2 trillion of laundered money being circulated around the globe, $200 billion can be attributed to revenues derived from cybercrime.

Those operating in the online space are increasingly picking up practices from traditional crime gangs and deploying methods of laundering -- such as illicit uses of the legitimate banking system, money mules, shell companies, and wire transfers -- in order to hide activity.

While cryptocurrency is a popular means of trading on the dark web, the report suggests it doesn't have widespread use when it comes to laundering profits, with only four percent of money laundered in Bitcoin and other cryptocurrencies.

When it comes to spending illegal profits, cybercriminals are acting in much the same way as traditional gangs - using it to buy everything from household commodities, to luxury items, to sports cars and even property.

However, for some, this isn't the end of the road, with cybercriminals often choosing to invest in additional tools for further hacking, cyberattacks and online crime. Unfortunately, what all of this likely means for legitimate consumers and businesses is an increasing number of attacks in future.

"The platform criminality model is productizing malware and making cybercrime as easy as shopping online," said Gregory Webb, chief executive of Bromium.

"Not only is it easy to access cybercriminal services and expertise; it means business - both public and private - are going to see more attacks with increasing sophistication. We expect an onslaught of attacks as The Web of Profit gains momentum."

