Cybercriminals are now making more than billion-dollar corporations according to a new study from Atlas VPN. Researchers from the company found that cyberattacks are helping criminals in total to make more than $1.5 trillion in revenue each year, which is the three times the $514 billion Walmart makes annually.
Cybercrime is even more lucrative than the technology used to commit these acts, with the revenues from Apple, Amazon, Facebook, Tesla and Microsoft bringing in a combined total of $761 billion in 2019.
“All things considered, with entry costs relatively low and profits exceeding those of traditional crimes, cybercrime is an attractive choice for most criminals. Thus, we can expect cybercrime cases to reach new heights in 2020,” said Atlas VPN chief operating officer Rachel Welch.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
The report broke down the lucrative cybercrime business into five different silos, including ransomware, cybercrime-as-a-service, data trading, trade secrets or IP theft, and illegal online markets.
Ransomware nets hackers about $1 billion each year while cybercrime-as-a-service can bring in as much as $1.6 billion annually. With cybercrime-as-a-service or crime-ware, criminals offer their services or tools for others to use, and these attacks often include Trojans, DDoS attacks, and even phishing email campaigns.
The sale of data on the Dark Web has become wildly lucrative for cybercriminals as well. The report says hackers make an estimated $160 billion per year from selling people’s personal data like stolen credit card numbers, bank account details, or private information.
Etay Maor, chief security officer at cybersecurity firm IntSights, said it was hard to estimate how much cybercriminals actually make for a number of reasons. First, it is difficult to know what falls directly under the category of “cybercrime.”
“What categories do you include or exclude? For example – selling drugs on the Dark Web. Is that cybercrime? Do you only count direct revenue? Do you actually know what IP was stolen and how much it was sold for?” he said.
Another complicated aspect of cybercrime revenue is the fact that much of it is accumulated and held in cryptocurrency, which is wildly volatile in terms of value. According to Maor, cryptocurrency markets lost over $26 billion on March 9 due in no small part to investor fears over the spread of COVID-19 and the beginning of an oil price war between Russia and Saudi Arabia.
Bitcoin alone lost 10% of its value in one day and other cryptocurrencies like XRP, and BitcoinCash and Ethereum had huge losses as well.
“Based on underground chatter in criminal forums, IntSights researchers predict two outcomes: A temporary slowdown in the trade of criminal goods and services—including stolen credit cards and credentials—and an increase in the purchase of cryptocurrencies while costs are low. Increased investment into digital coin is likely to happen in more stable regions of the world where criminals have invested into local currencies and physical goods,” Maor wrote in a recent report.
“Poorer regions of the world will experience significantly greater instability and slowdown in cybercrime because threat actors have less invested into regional currencies. Latin America is a prime example of a region that will likely experience a temporary slowdown.”
Researchers from Atlas VPN studied the data of prosecuted cybercriminals and found that there is a wide range of incomes depending on status, rank within a group and complexity of attacks. Some cybercriminals can bring in about $45,000 per year while others can rake in more than $2 million.
“Some still believe that a typical hacker is a guy wearing a hoodie in a dark room. Nowadays, cybercriminal groups have everything from hiring staff to executives. Some groups even have public personas who make sure the hacker group has a good reputation,” the report added.
“Hackers sell most of their stolen goods on the Dark Web, where reputation is key. All things considered, with entry costs relatively low and profits exceeding those of traditional crimes, cybercrime is an attractive choice for criminals. There’s also less risk when carrying out cyberattacks than, let’s say, burglary or armed robbery.”
Cybercrime outfits are now sophisticated operations with multiple levels of workers, from coders and call center workers to data miners and money laundering specialists.