Cybercrime: The World’s 3rd Largest Economy 

How Big is the Cybercrime Economy? 

According to the World Economic Forum (WEF), cybercrime is now the world’s third-largest economy, coming in behind the United States and China. Cybercrime is impacting businesses of all sizes as criminals are able to buy access to networks and malware at fairly low costs. This has led criminals with low technical skills to launch sophisticated cyber-attacks traditionally targeting healthcare, education, and business. Of these cyber-attacks, the preferred method of attack has been to exploit security gaps to deploy ransomware. It is assessed that cybercrime will generate $8 trillion in revenue by the end of 2023 and $10.5 trillion in 2025, with most of the revenue attributed to ransomware. The additional revenue is calculated based on the estimated cost of damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Contributing Factors to the Cybercrime Economy 

The advancements in the cyber landscape have opened the floodgates for a new type of criminal. Individuals can exploit security gaps, known vulnerabilities, and the cyber hygiene practices of individuals and organizations. The study done by WEF revealed that the top contributing factors in cybercrime are ransomware-as-a-service (RaaS), cyber insurance, and material gain motivation.

RaaS continues to increase year over year, with a significant spike noted in 2023. In March 2023, ransomware attacks spiked 91% compared to March 2022, and February 2023 saw a 62% increase compared to February 2022. The top RaaS provider in March 2023 was Cl0p, which accounted for 28% of all victims, while LockBit 3.0 came in second with 21%. Royal, a non-affiliated ransomware group, was the third most active, with attacks increasing 106% from February 2023 to March 2023.

Government organizations have taken a more active role in responding to ransomware attacks and supporting companies in the recovery process. This has led to a reduction in ransoms being paid by organizations. Additionally, as organizations have sought to reduce the cost of cyber-attacks on their companies, they have begun to buy cyber insurance. This added protection was meant to reduce the out-of-pocket costs for a company in responding to ransomware attacks. However, cyber criminals quickly learned the max cyber insurance payout for ransomware was higher than threat actors were originally requesting. This led threat actors to increase their demands within the ransom notes to $800,000, meeting the max insurance payout rate.  

In addition to RaaS and cyber insurance driving the growing economy of cybercrime, there has been a rise in financially motivated criminals and nation-state actors exploiting political instability for material gains. The Russian war in Ukraine has provided an opportunity for new threat actors to enter the cybercrime space under the guise of being politically motivated hacktivists. Groups such as Anonymous Russia, Killnet, and NoName057(16) have taken advantage of the regional instability, conducting operations against Ukraine and NATO forces in support of Russia’s agenda. Furthermore, a new wave of Russian-language darknet markets has generated approximately 80% of the revenue on all darknet markets.

Source: TRM

Darknet Markets 

  1. Blacksprut: $20 million in March 2023
  2. Kraken: $10 million in March 2023
  3. Mega: $40 million in March 2023

What are the Most At-Risk Industries for Cyber-Attacks? 

Critical infrastructure, including electric, gas and water utilities, and hospitals, is considered very high risk for cyber-attacks, while banks, telecommunications, technology, chemicals, energy, and transportation services are high risk. Out of the cyberattacks that have occurred, 60% of the organizations targeted have gone out of business within six months of falling victim.

Conclusion: What are Predictions for the Cybercrime Economy? 

The cybercrime economy is predicted to continually increase year over year, with threat actors exploiting the same victim months or years later. Recently, a surge in cybercrime entities joining forces has been observed, increasing the severity of future attacks and targeting strategies. Threat actors will continue to seek out exploitation of companies that have not patched their software. It is recommended that companies implement secure access controls, segment networks, enable multi-factor authentication, and regularly test and evaluate backup strategies to limit the impact of a ransomware attack. Additionally, organizations should inventory externally facing services to reduce the attack surface available to threat actors. Continued employee training and strengthening email security solutions to detect and stop threat actors before they can penetrate network perimeters are imperative to maintaining a healthy network.

The Critical Start Cyber Threat Intelligence (CTI) team will continue to monitor the situation and work closely with the Threat Detection Engineering (TDE) team and the SOC to implement any relevant detections. For future updates, the CTI team will post via ZTAP® Bulletins and on the Critical Start Intelligence Hub. 

References: 

  1. https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/
  2. https://i-hls.com/archives/117897
  3. https://cybernews.com/editorial/cybercrime-world-third-economy/#:~:text=Cybercrime%20has%20grown%20to%20become,and%20%2410.5%20trillion%20by%202025
  4. https://thecyberexpress.com/a-year-after-hydra-darknet-market-shut-down/
  5. https://www.trmlabs.com/post/eight-months-after-the-hydra-shutdown-new-russian-language-darknet-markets-fill-the-void
  6. https://www.techrepublic.com/article/ransomware-attacks-increased-march/
