<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Could Cybercrime be the most Profitable Industry in the World?

Topics: Ransomware, DDoS, Cybercrime

Posted: 23 February 2017

cybercrime legitimate business ransomware ddos

2016 will be written in the history books as a turbulent twelve months. One which saw large fluctuations in currency values, a fall in the price of oil, the political fallout of Brexit, India’s savage attempt to reduce corrupt payments, the tussling of the election of the President of the United States, endless record busting data breaches and denial of service attacks affecting entire geographical regions. Uncertainty reigned king leaving us with the only guarantee that nothing could be guaranteed.

Yet, there was one industry which refused to comply. Instead it grew exponentially as if invulnerable to the geo-politics and the value of the currency weaknesses suffered by others. Cybercrime has come a long way, having shed its former image as an immature venture populated by disorganised players, it has exploded into the limelight as 2016’s hottest investment opportunity.

Radware’s ERT report has revealed through surveyed research that 2016 was the year that the cybercrime industry achieved enviable reach. Staggeringly, 98% of organisations had been in receipt of at least one type cybercrime that year. In particular, 56% of those surveyed reported a ransom demand, double the audience of 2015. Such thunderous expansion is no accident and has been a result of maturing business models over the past 3-4 years. An industry once dominated by small organisations and individuals acting on impulse has seen consolidation into larger groups with a more strategic outlook. These groups can be split into two categories; those which develop zero-day exploits and resell to dark-web distribution partners for thousands of USD; and those which commoditise their activities by offering a SaaS (Software as a Service), sometimes for as low as 19.99 USD per activity.

High accessibility

Irrespective of the route to market, the cybercrime industry succeeded making their product highly accessible to both novice and the thrifty. Ransom-based cybercrime has been the most reliably measurable of income streams the industry enjoys and was reported by the FBI to total more than $1bn in 2016. This represents a 400% increase on the previous year when yields were estimated at $250m. It’s tough, if not impossible, to find a better investment opportunity in any other industry and those with a nose for an opportunity have not failed to take note. Newcomers offering service stressing services, those which overwhelm targets with floods of traffic, are reported to be earning more than 100,000 USD with very little start-up capital required.

Winning by other's mistakes

Fundamentally not all the success of the cybercrime industries growth can be attributed to its own activities. Rather, the failing of its victims has helped to greatly embolden its position at the top. A lack of consistency in estimating the true cost of cybercrime to an organisation has meant that the cybercrime industry has employed vast regional cost differences. For example, Radware’s survey respondents in the APAC (Asia Pacific) region estimated a single instance of cybercrime to be worth 1.25m USD, whereas their European counterparts reported a more conservative 250,000 USD. By ensuring cybercrime ransoms are priced just below these values, it’s hard for business leaders to resist payment. Yet with most security experts estimating the true value of a cybercrime instance being a much lower 100,000 USD, the profit margins enjoyed by cybercriminals can be considered in part to be one of self-infliction by the victims themselves.

The cash cow that has become cybercrime shows no signs of slowing in 2017, for one the increase in internet-connected devices also known as IoT (Internet of Things). Millions of consumer devices with the ability to connect to internet and traditionally lower levels of in-built security are predicted to be purchased in the coming twelve months, representing fresh meat to the cybercrime industry. An early indicator and grand introduction to this was the rise of the Mirai botnet which created the largest zombie army recorded. It subsequently launched the largest DDoS attack disrupting some of the world’s largest websites and the wider internet in some geographical regions. If the cybercrime industry had alluded you before, it had now caught the remaining attention.

With an increasing audience, high profit margins and record growth, early investors are the most envied of all. Even those that have flocked to the industry since have profited handsomely. It’s a modern day gold rush and it’s not hard to see why.

The above editorial has been written as if cybercrime was a legitimate business industry. With cybercrime and ransom demands increasing at exponential rates, understanding the motivations of the cybercriminal can be best achieved by comparing their world to ours.

radware infinigate ert global application report

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts