Cybercrime is an underground economy worth millions and millions of dollars. It’s organized, works like a legitimate economy, and hires expert hackers. Business experts, including MBAs, can select big targets, just as they could plan strategies for a business. Equally, the cybercrime industry is in a mess, which all but guarantees the continuation of cybercrime. Let’s take a look at the inner workings of the underground internet economy and find out just what makes it run so smoothly.
Low barriers to entry
You could be forgiven for thinking that high costs are involved when it comes to entering the cybercrime business, but it isn’t that expensive at all. The majority of data and tools required by a cybercriminal can be acquired cheaply. A keystroke logger, for example, costs only around $20. Labor costs can also be low, as many cybercriminals no longer need an expert hacker. An individual with just basic level technical knowledge can find the tools they need online. It isn’t uncommon for a criminal to buy a set of tools to steal data and then sell it to someone else, just as any retail outlet would via a supply chain.
There is somewhat open communication within the cybercrime economy. There are websites, including forums, where cybercriminals offer information and tools for sale, as well as discuss future projects. Someone who has no experience with cybercrime could be forgiven for thinking that he’s on a legitimate website. While marketing both the data gathered from various exploits and tools of the trade isn’t as straightforward as promoting a legal entity, there’s no shortage of offers on these sites.
Just a few short years ago, most cybercrime incidents involved breaking into Windows-based systems. Now hackers are also looking towards tablets and smartphones commonly operated with minimal protection against malware and viruses, compared to desktop computers, at least. This change is particularly troublesome, as mobile platforms are becoming a key area where both numerous organisations and individuals handle financial transactions. That doesn’t mean that traditional tactics aren’t still being employed, however. One of the more recent examples was reported by Kaspersky Lab, which revealed that cybercriminals stole $2.3 million through a phishing scam that took advantage of two timely events: GDPR and the World Cup. The hackers also used new ICO projects and giveaways along with traditional phishing tactics.
The cybercrime economy is having some success at a time when legal enterprises are failing. The costs associated with addressing these crimes are largely funded by large organisations. Large investments are required for both prevention and damage control. These costs are expected to increase further, even with new tools, laws, and initiatives all designed to combat cybercrime.
There are numerous individuals and organisations that suggest cybercrime could become significantly worse in the years ahead, especially when taking into account how easily the tools and techniques of cybercriminals can be applied to cyberterrorism and cyberwarfare. The only workable response for the cybersecurity industry is to catch up with their illegal foes. And catch up fast.