2016 will be written in the history books as a turbulent twelve months. One which saw large fluctuations in currency values, a fall in the price of oil, the political fallout of Brexit, India’s savage attempt to reduce corrupt payments, the tussling of the election of the President of the United States, endless record busting data breaches and denial of service attacks affecting entire geographical regions. Uncertainty reigned king leaving us with the only guarantee that nothing could be guaranteed.
Yet, there was one industry which refused to comply. Instead it grew exponentially as if invulnerable to the geo-politics and the value of the currency weaknesses suffered by others. Cybercrime has come a long way, having shed its former image as an immature venture populated by disorganised players, it has exploded into the limelight as 2016’s hottest investment opportunity.
Radware’s ERT report has revealed through surveyed research that 2016 was the year that the cybercrime industry achieved enviable reach. Staggeringly, 98% of organisations had been in receipt of at least one type cybercrime that year. In particular, 56% of those surveyed reported a ransom demand, double the audience of 2015. Such thunderous expansion is no accident and has been a result of maturing business models over the past 3-4 years. An industry once dominated by small organisations and individuals acting on impulse has seen consolidation into larger groups with a more strategic outlook. These groups can be split into two categories; those which develop zero-day exploits and resell to dark-web distribution partners for thousands of USD; and those which commoditise their activities by offering a SaaS (Software as a Service), sometimes for as low as 19.99 USD per activity.
Irrespective of the route to market, the cybercrime industry succeeded making their product highly accessible to both novice and the thrifty. Ransom-based cybercrime has been the most reliably measurable of income streams the industry enjoys and was reported by the FBI to total more than $1bn in 2016. This represents a 400% increase on the previous year when yields were estimated at $250m. It’s tough, if not impossible, to find a better investment opportunity in any other industry and those with a nose for an opportunity have not failed to take note. Newcomers offering service stressing services, those which overwhelm targets with floods of traffic, are reported to be earning more than 100,000 USD with very little start-up capital required.
Winning by other's mistakes
Fundamentally not all the success of the cybercrime industries growth can be attributed to its own activities. Rather, the failing of its victims has helped to greatly embolden its position at the top. A lack of consistency in estimating the true cost of cybercrime to an organisation has meant that the cybercrime industry has employed vast regional cost differences. For example, Radware’s survey respondents in the APAC (Asia Pacific) region estimated a single instance of cybercrime to be worth 1.25m USD, whereas their European counterparts reported a more conservative 250,000 USD. By ensuring cybercrime ransoms are priced just below these values, it’s hard for business leaders to resist payment. Yet with most security experts estimating the true value of a cybercrime instance being a much lower 100,000 USD, the profit margins enjoyed by cybercriminals can be considered in part to be one of self-infliction by the victims themselves.
The cash cow that has become cybercrime shows no signs of slowing in 2017, for one the increase in internet-connected devices also known as IoT (Internet of Things). Millions of consumer devices with the ability to connect to internet and traditionally lower levels of in-built security are predicted to be purchased in the coming twelve months, representing fresh meat to the cybercrime industry. An early indicator and grand introduction to this was the rise of the Mirai botnet which created the largest zombie army recorded. It subsequently launched the largest DDoS attack disrupting some of the world’s largest websites and the wider internet in some geographical regions. If the cybercrime industry had alluded you before, it had now caught the remaining attention.
With an increasing audience, high profit margins and record growth, early investors are the most envied of all. Even those that have flocked to the industry since have profited handsomely. It’s a modern day gold rush and it’s not hard to see why.
The above editorial has been written as if cybercrime was a legitimate business industry. With cybercrime and ransom demands increasing at exponential rates, understanding the motivations of the cybercriminal can be best achieved by comparing their world to ours.