Lost your password?
Don't have an account? Sign Up
Understanding the economics of cybercrime is critical to fight it.

Understanding the economics of cybercrime is critical to fight it.

Economic factors are pushing digitization — for both firms and criminals. As the world continues to digitalize, scattered remote workforces and new digital dependencies that affect every aspect of personal and professional life provide a double-edged sword.

On the one hand, digitalization facilitated by technology provides efficiency and flexible, adaptable processes. Individuals and organizations, on the other hand, find themselves linked to the vast economy of dangers that saturate the digital realm.

The trade-off is obvious: the more digitally dependent we grow, the larger our attack surfaces become and the greater the risk we confront. These trade-offs are exploited by the economics of cybercrime. To comprehend it, we must acknowledge that the ecosystems of cybercriminals are primarily powered by sensitive personal information and our collective failure to secure it.

Ransomware attacks are being monetized.

So far, ransomware has been one of the most talked-about cyberthreats of 2021. It entails cybercriminals installing malicious software that prevents access to an organization’s computer system, including sensitive data and assets held on that system, unless the owner pays up or satisfies the cybercriminal’s demands. In 2021, major, high-profile ransomware assaults disrupted the vital infrastructure of school systems, hospitals, and energy corporations, with disastrous results.

With the rise in ransomware as a service (RaaS) attacks, the commodification and commercialization of ransomware appears to have peaked. Such techniques entail ransomware producers collaborating with affiliate groups that disseminate their malware and then profit financially from the assaults. The ransomware organizations can offer these affiliates with tools that allow them to engage in the assault without requiring advanced knowledge.

The ubiquity of personally identifiable information (PII) is crucial to the continuing deployment of these potentially lethal assaults. Because one of the weakest links in cybersecurity is generally the human component, phishing is a popular entrance point. This type of assault uses PII to create a false sense of security in the target and trick them into falling for an attacker’s approaches. Employees’ devices are infected by phishing, internal business systems are compromised, and data is taken using encryption that compels a firm to pay to retrieve its own data. As a result, there is an obvious and intimate link between PII and ransomware.

The impact of ransomware attacks on small and medium-sized businesses

Small ransomware attacks, with small and medium-sized companies (SME) as primary targets, appear to be gaining financial viability. The impact of these changes on SMEs was notably addressed by the US Senate Judiciary Committee in July 2021.

Because the tools and capabilities that enable effective ransomware attacks have become commoditized, this danger may now be replicated on a local scale. This demonstrates the real-world consequences of a fluid and dynamic economy in which threat actors can use a variety of resources and data points to carry out assaults.

The threat economy’s market-based characteristics make it difficult to shut down. Understanding how the economy operates, on the other hand, allows us to seek more effective remedies that target the network of incentives and players driving these risks. The commercialization of the tools and capabilities required for successful ransomware operations allows this danger to be replicated on a smaller scale.


Disinformation and personally identifiable information

While disinformation is frequently characterized by a more diversified set of reasons, it also demonstrates the economics of criminality. Deliberately disseminating false or altered information has been very successful in distorting critical public debates, undermining elections and public health programs, and jeopardizing CEOs’ and organizations’ reputations and financial health. What is rarely acknowledged are the economic motivations and resources accessible to misinformation producers.

Constella’s 2021 Identity Breach Report focuses on how the commodification and weaponization of PII contributes to the commercialization of the misinformation ecosystem’s and the wider threat economy’s building blocks. These include automated bot networks, bogus identities, and deep fake production capabilities, all of which are available for purchase in deep and dark marketplaces.

The price of digital assets varies according on their utility, just as in any marketplace. Botnets and fake accounts are usually priced higher when their inception date is older, since this enhances their chances of escaping detection algorithms on platforms such as Twitter, Facebook, and Instagram. Thus, the more personally identifiable information (PII) that can be acquired in deep and dark marketplaces or scraped from open sources such as public social media channels, the more efficiently cybercriminals may operationalize their activities.

An incentive-based ecosystem

Considering the linkages between the human, technological, and geopolitical spheres of influence that define the interactions, behaviors, and results produced by diverse players in the digital realm forces us to take an ecosystem-level approach to understanding cybercrime.

Incentives are difficult to define and measure. However, by doing sophisticated research of trends and activity on the surface, deep, and black webs, we may get a deeper understanding of threats and vulnerabilities as components of a larger ecosystem of threat actors and their strategies, techniques, and processes (TTPs).

According to this point of view, misinformation or ransomware are not unique, abnormal phenomena involving a small number of bad individuals. They are instead facilitated by other structural variables in the ecosystem, such as the proliferation and availability of PII, or the absence of effective regulation in a fragmented and fast developing online world.

Increasing the security of connections

To make significant headway in resolving these issues, organizations and technologists must first understand the incentives that drive vulnerability exploitation. And they must be able to evaluate these problems in the context of our common technology and communications infrastructure.

Leaders from governments, industry, and academics collaborate to understand these motivations at the World Economic Forum’s Centre for Cybersecurity. We are working together to develop a collective response to cybercrime that will make our connected world more safe and trustworthy.