Bromium®, Inc., the pioneer and leader in virtualization-based endpoint security that stops advanced malware attacks via application isolation, today announced the findings of an independent study that looked into the interconnected dynamics of cybercrime, and examines how new criminality platforms and a booming cybercrime economy have resulted in $1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by cybercriminals. Complete findings will be presented at the RSA Conference in San Francisco by researcher Dr. Michael McGuire, Senior Lecturer in Criminology at the University of Surrey in England.
This is one of the first studies to view the dynamics of cybercrime through the lens of revenue flow and profit distribution, and not solely on the well-understood mechanisms of cybercrime. The new research exposes a cybercrime-based economy and the professionalization of cybercrime. This economy has become a self-sustaining system – an interconnected Web of Profit that blurs the lines between the legitimate and illegitimate.
The research points to an emergence of platform criminality, mirroring the platform capitalism model currently used by companies like Uber and Amazon, where data is the commodity. The report also raises concerns about new criminality models that these platforms enable, which fund broader criminal activities such as human trafficking; drug production and distribution; and even terrorism.
“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become,” commented Gregory Webb, CEO of Bromium. “The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can’t solve this problem using old thinking or outmoded technology. It’s time for new approaches.”
Revenue Generation in the Hyper-Connected Web of Profit
Conservative estimates in The Web of Profit research show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. In fact, if cybercrime was a country it would have the 13th highest GDP in the world. This $1.5 trillion figure includes:
- $860 billion – Illicit/illegal online markets
- $500 billion – Theft of trade secrets/IP
- $160 billion – Data trading
- $1.6 billion – Crimeware-as-a-Service
- $1 billion – Ransomware
The report finds evidence that cybercrime revenues often exceed those of legitimate companies – especially at the small to medium enterprise size. In fact, revenue generation in the cybercrime economy takes place at a variety of levels – from large ‘multi-national’ operations that can make profits of over $1 billion; to smaller SME style operation where profits of $30,000-$50,000 are the norm. However, the report asserts that comparing cybercrime to a business is misleading. Cybercrime is more accurately described as an economy: “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale,” says Dr. Michael McGuire.
The report suggests that there is now a growing interconnectedness and interdependence between both the illegitimate and legitimate economies. This inter-dependence is creating what Dr. McGuire terms ‘The Web of Profit’. Dr. McGuire argues that “companies and nation states now make money from The Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control. There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases).”
Platform Criminality in a Post-Crime Era
Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground for hackers to further their gains. Whether by hacking companies to acquire user data; intellectual property; disseminating malware; selling illegal goods and services; setting up fake shop fronts to launder money; or simply connecting buyers and sellers, it is evident that cybercriminals are adept at manipulating existing platforms for commercial gain. Yet beyond platforms being the targets and unwitting enablers of cybercrime, the report suggests they have provided inspiration – as a model of platform criminality emerges.
According to Dr. McGuire, “this is creating a kind of ‘monstrous double’ of the legitimate information economy – where data is king. The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it.” The report points to the success of modern ‘platforms’ – companies like Facebook, Google and Amazon – highlighting their role as facilitators rather than creators. “The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld,” states Dr. McGuire.
The report shows that cybercriminal platform owners are likely to receive the biggest benefit from this new wave of cybercrime, and that the owners will distance themselves from the actual commission of crime. In fact, it has been estimated individual hackers may only earn around $30,000 per year. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal. Dr. McGuire refers to this as a shift to ‘post-crime’ reality, where cybercriminals are taking a ‘platform capitalism’ approach to selling, rather than committing crime.
In fact, McGuire found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal ‘customer experience’ and allowing easy access to services and products that support the commission of crime on a global scale. Some examples of services and products include:
- Zero-day Adobe exploits, up to $30,000
- Zero-day iOS exploit, $250,000
- Malware exploit kit, $200-$600 per exploit
- Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year
- Custom spyware, $200
- SMS spoofing service, $20 per month
- Hacker for hire, around $200 for a “small” hack
These platforms fuel industrial scale revenue generation, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces. They deal with specialized producers, suppliers, service providers and consumers. Interestingly, advertising is a core revenue generator too: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone.
Reinvestment and Furthering of Crime
As in the legitimate economy, criminal enterprises are going through digital transformation and diversifying into new areas of crime. Cybercriminals were foun