Understanding the Big Business of Cybercrime

Share :

Cybercrime is lucrative. This world of hackers, malware, and brokers is now a trillion-dollar industry, the number one threat to the global economy, and is showing zero signs of slowing down.  

Fueled by the digital revolution, the global shift to a hybrid work model, and the rapid adoption of the cloud, more avenues have opened for threat actors to exploit. And their attack methods continue to evolve, with new innovations staying a step ahead of a cybersecurity industry determined to stop them.  

We live in a time where a ransomware attack is launched every 11 seconds. It’s a war. And it’s being fought all over the world, all day, every day. But it’s hard to fight an opponent you can’t see, hear, or understand.  


“If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.” 

-Sun Tzu, The Art of War 

The Scale of Cybercrime 

Put simply, the scale of cybercrime is massive:  

  • It’s a $1.5T dollar industry. If cybercrime were a country, its economy would the third largest in the world — behind only the U.S. and China.  
  • The World Economic Forum’s Global Risk Report has repeatedly identified cybercrime as one of the most concerning risks to global commerce, right alongside disease, natural disasters, and weapons of mass destruction. 
  • Cybercrime annual revenues are three times as large as those of Walmart, the highest-grossing organization in the U.S. 
  • While its revenues are high, the cost of the damage done is even higher, with cybercrime expected to cost organizations and governments $10.5 trillion in annual damages by 2025. 

Cybercrime destroys much more value than it takes in. It’s a net negative on the wealth of the world, a global challenge on a massive scale, and combating cybercrime will require all of us to bring our best to the fight every single day. 

Four Major Cybercrime Trends 

Cybercriminals are looking to make money with the least amount of effort. And recent innovations in cybercrime tactics and attack types have made things very easy on them. 

1. Ransomware-as-a-Service (RaaS) 

RaaS might be the best example of cybercrime as a business. Ransomware, in its initial, garden-variety form, involves attackers using malicious programs to encrypt data or lock users out of systems. The attacker then demands a ransom to restore access.  

RaaS, however, commodifies and commercializes ransomware, allowing the developers of a ransomware variant to recruit affiliates that exclusively use their ransomware in targeted attacks on organizations. Any ransom payments extorted out of the victims are then divided up between the ransomware developers and the affiliate who conducted the attack.  

This attack technique has surged in popularity over the past decade, becoming a huge revenue driver for the cybercrime industry, and we shouldn’t expect it to slow down anytime soon. RaaS has made the threat landscape much more dangerous, increasing the overall number of attacks and removing any financial, technological, or service barriers potential threat actors might have faced when going it alone.  

2. Business Email Compromise (BEC) 

Business email compromise attacks can come in various forms — from attackers positioning themselves as the CEO requesting an emergency fund to acting as company suppliers requesting fund transfers to fraudulent accounts. No matter what form the attack takes, it involves the same tactics: spoofing and taking over email addresses within an organization.  

Access is the key aspect of BEC, as it gives a cybercriminal the ability to investigate the entire environment and cherry-pick the best options for attack — whether that be sending malicious files to the entire organization in the hopes of installing malware or ransomware, to using the access and information to try and misdirect funds to their own bank accounts.  

This is a dangerous attack type that doesn’t grab the headlines or attention that ransomware does. Yet organizations lose three times as much to BEC as they do to ransomware, according to the FBI.  

3. The Zero-Day Market 

A zero-day is a vulnerability within a large system, one that the system’s designers and the cybersecurity community aren’t aware of and have had … wait for it … zero days to fix. The attackers, however, know all they need to exploit it, which makes this one of the most dangerous types of cyber attacks out there. Since zero-days are flaws or loopholes already present in the system in place, it makes the attack more reliable and sophisticated. 

Today there’s a growing commercial market where these zero-days can be bought and sold and exploited by their purchasers, who use these zero-day vulnerabilities for any number of attack types. 

This is a sophisticated, organized commercial market where this kind of knowledge is available for sale before the cybersecurity community can do anything to stop it.

4. Targeting of Healthcare

Personal health information fetches a pretty penny on the dark web and healthcare organizations are often dealing with a lot of online software that’s deeply connected to both each other and third parties. Oh, and downtime from an attack can be a matter of life and death. Those three traits make healthcare a prime target for cybercriminals — 20% of incidents by industry were attached to healthcare. 

The Six Main Threat Actor Types 

Now we know their tactics. But who, exactly, are they? We’ve identified the six major types of threat actors, and we’re ready to expose them and their motivations — and show you how to stop them. 

Organized Cybercriminal 

Motivation: Money  

Execution: Social engineering 

Organized cybercriminals want access to personal, financial, or health data in order to sell it on the dark web.  

Insider Threat 

Motivation: Revenge or greed  

Execution: Privileged access  

Insider threats are bucketed into two categories — those who unintentionally make mistakes and open their organization to attacks, and those who maliciously take advantage of their privileged access to harm the company.  

Want to know the rest? There are four final bosses in the big business of cybercrime, and you need to know who they are, so you know how to protect yourself from them. 

How to Protect Against Cybercrime 

There’s no singular approach that will wipe out cybercrime and keep your organization secure forever. Cybersecurity keeps evolving alongside cybercrime, and it may stay that way. But there are ways to reduce overall risk and improve your organization’s security posture. Security is a journey, not a destination, and it’s one that should be taken with a holistic, proactive approach 

For example, protecting against vulnerabilities means utilizing threat intelligence to find and patch those vulnerabilities, while tackling ransomware means having a system to detect threats quickly and be able to mitigate those threats before they become full blown attacks.  

Then there’s users. While social engineering takes a back seat to external exploits, RaaS and BEC rely heavily on the human element. Having effective security awareness training can be the difference between recognizing an attack and becoming the victim of one.  

For many organizations, paying attention to and fighting these kinds of cybercriminals may not be possible in house, and may look to an external security operations partner to help them close the gaps and harden their environment.  

Every organization has unique security and business needs, but what these trends show is that every organization is vulnerable, and cybercriminals are ready to take advantage of those weaknesses. Rethinking approaches, evaluating spending and structure, and working toward a better security architecture is the only way forward. 

Dive deeper into these trends with our webinar, “Investigating the Big Business of Cybercrime” and our page “The Big Business of Cybercrime.” 

Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Subscribe to our Monthly Newsletter