Global cybercrime economy generates over $1.5 trillion

Ground-breaking study, commissioned by Bromium, highlights emergence of Platform Criminality, exposing cybercriminal links to drug production, human trafficking and terrorism.

New criminality platforms and a booming cybercrime economy have resulted in $1.5 trillion in illicit profits being acquired, laundered, spent and reinvested by cybercriminals, according to Bromium’s independent study that looked into the interconnected dynamics of cybercrime.

This is one of the first studies to view the dynamics of cybercrime through the lens of revenue flow and profit distribution, and not solely on the well-understood mechanisms of cybercrime.

The new research exposes a cybercrime-based economy and the professionalisation of cybercrime. This economy has become a self-sustaining system – an interconnected web of profit that blurs the lines between the legitimate and illegitimate.

>See also: 2017 was the year that defined cybercrime

The research points to an emergence of platform criminality, mirroring the platform capitalism model currently used by companies like Uber and Amazon, where data is the commodity.

The report also raises concerns about new criminality models that these platforms enable, which fund broader criminal activities such as human trafficking; drug production and distribution; and even terrorism.

“The findings of Dr. McGuire’s research provide shocking insight into just how widespread and profitable cybercrime has become,” said Gregory Webb, CEO of Bromium.

“The platform criminality model is productising malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum. We can’t solve this problem using old thinking or outmoded technology. It’s time for new approaches.”

Illegal revenue generation

Conservative estimates in research show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a country it would have the 13th highest GDP in the world, according to the report.

>See also: The rise of cyber crime continues to accelerate

This $1.5 trillion figure includes:

• $860 billion – Illicit/illegal online markets.

• $500 billion – Theft of trade secrets/IP.

• $160 billion – Data trading.

• $1.6 billion – Crimeware-as-a-Service.

• $1 billion – Ransomware.

The report finds evidence that cybercrime revenues often exceed those of legitimate companies – especially at the small to medium enterprise size. In fact, revenue generation in the cybercrime economy takes place at a variety of levels – from large ‘multinational’ operations that can make profits of over $1 billion; to smaller SME style operation where profits of $30,000-$50,000 are the norm.

However, the report asserts that comparing cybercrime to a business is misleading. Cybercrime is more accurately described as an economy: “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale,” says Dr. Michael McGuire, senior lecturer in Criminology at the University of Surrey in England..

>See also: Collaboration is essential in fighting the growing threat of cybercrime

There is now a growing interconnectedness and interdependence between both the illegitimate and legitimate economies. This interdependence is creating what McGuire terms ‘The Web of Profit’. McGuire argues that “companies and nation states now make money from The Web of Profit. They also acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control. There is a range of ways in which many leading and respectable online platforms are now implicated in enabling or supporting crime (albeit unwittingly, in most cases).”

Platform criminality

Platform capitalism – a term used to describe the likes of Uber, Facebook and Amazon – is offering fertile ground for hackers to further their gains. Whether by hacking companies to acquire user data; intellectual property; disseminating malware; selling illegal goods and services; setting up fake shop fronts to launder money; or simply connecting buyers and sellers, it is evident that cybercriminals are adept at manipulating existing platforms for commercial gain. Yet beyond platforms being the targets and unwitting enablers of cybercrime, the report suggests they have provided inspiration – as a model of platform criminality emerges.

According to McGuire, “this is creating a kind of ‘monstrous double’ of the legitimate information economy – where data is king. The Web of Profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it.”

>See also: Cybercrime costs financial services sector more than any other industry

The report points to the success of modern ‘platforms’ – companies like Facebook, Google and Amazon – highlighting their role as facilitators rather than creators. “The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld,” stated McGuire.

Cybercriminal platform owners are likely to receive the biggest benefit from this new wave of cybercrime, and that the owners will distance themselves from the actual commission of crime. In fact, it has been estimated individual hackers may only earn around $30,000 per year. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal. Dr. McGuire refers to this as a shift to ‘post-crime’ reality, where cybercriminals are taking a ‘platform capitalism’ approach to selling, rather than committing crime.

In fact, McGuire found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support. These platforms are improving the criminal ‘customer experience’ and allowing easy access to services and products that support the commission of crime on a global scale. Some examples of services and products include:

• Zero-day Adobe exploits, up to $30,000.

• Zero-day iOS exploit, $250,000.

• Malware exploit kit, $200-$600 per exploit.

>See also: Policing cybercrime: a national threat

• Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year.

• Custom spyware, $200.

• SMS spoofing service, $20 per month.

• Hacker for hire, around $200 for a “small” hack.

These platforms fuel industrial scale revenue generation, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces.

They deal with specialised producers, suppliers, service providers and consumers. Interestingly, advertising is a core revenue generator too: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone.

A new kind of crime

As in the legitimate economy, criminal enterprises are going through digital transformation and diversifying into new areas of crime. Cybercriminals were found to be reinvesting 20% of their revenues into further crime, which suggests up to $300 billion is being used to fund future cybercrime and other serious types of crime – including drug manufacturing, human trafficking or terrorism.

>See also: Staying ahead of the distributed cybercrime threat

For example, the report points to the takedown of Alphabay – one of the largest dark web online markets – revealed that in addition to more than 250,000 listings for illegal drugs, there were also listings for toxic chemicals, firearms, counterfeit goods, malware, and over 100,000 listings for stolen and fraudulent identification documents and access devices. This demonstrates that platform criminality can easily adapt to include other areas of crime.

The report identifies the development of cybercrime growth cycles, where money generated from cybercrime is being reinvested into further crime. Many of the larger cybercrime operations which have been detected typically reinvest revenues into expanding and developing the operation – for instance buying more crimeware, maintaining a website, paying mules, or other criminal requirements. Reinvestment also includes spending money to support other types of crime.

“We can clearly link cybercrime to the spread of new psychoactive substances with over 620 new synthetic drug types on the market since 2005. Many substances of this kind are manufactured in China or India, purchased via online markets, then shipped in bulk to Europe. But there is also evidence that groups who acquire revenues from cybercrime are involved in the active production of drugs. For example, the arrest of a Dutch money laundering gang also led to the discovery of ingredients they possessed to make ecstasy – further highlighting a material link between cybercrime actives and organised crime activities, said McGuire.

>See also: 3 ways to keep businesses safe from cybercrime in 2018

Human trafficking

The report also points to the fact that platform criminality is contributing to the issue of human trafficking. McGuire commented, “pimps frequently use the internet as a tool for gathering revenues from clients and workers, and then recycle this back into the logistics (and costs) of trafficking victims from target locations with economically vulnerable populations.”


The report identified a connection between cybercrime and terrorism. There was one case where cybercrime was committed specifically to generate revenues for terrorist activities. “One British-born follower of Al Qaeda, who provided technical assistance to the terror group in relation to uploading videos, quickly realised that his technical skills could also be used to commit cybercrimes,” McGuire explains. “He began to acquire stolen credit card numbers through transactions on online forums, such as Cardplanet, gathering over 37,000 separate card data files and generating more than $3.5 million in revenues.”

“This new cybercrime economy has created new digital businesses, making it even easier to conduct cyber attacks,” said Webb. “The walls between the criminal and legitimate worlds are blurring, and we are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required.”

>See also: How nation-state backed threat actors steal from and copy each other

The complete picture?

“The report is perfectly correct that the cybercrime has undoubtedly became a very profitable and sustainable business that no government can control now,” according to Ilia Kolochenko, CEO of web security company, High-Tech Bridge.

However, it may have missed some figures because the most serious cases of cybercrime, like nation-state attacks or company sabotage from large conglomerates against competitors – are not often detected or exposed.

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...