Fraud Prevention

3 Fundamental Truths About How Cybercriminals Make Money

December, 13, 20215 min Read

The world today, by and large, is run digitally. The accounts that we use to conduct business and pleasure online have become extremely valuable. That’s why attacks targeting digital accounts are more frequent and severe than ever before. 

It is said that cybercrime is now more profitable than all of the world's drug trade combined, with annual losses from cybercrime reaching more than $6 billion in 2021. Losses at this scale could not be achieved by lone attackers working in silos. 

In fact, the growth of cybercrime has created a parallel ecosystem of businesses that support this activity and share in the profits. These range from identity farms, which create synthetic identities and test stolen credentials, click farms and organized human attackers, who carry out nuanced attacks, and ‘arms dealers’ selling sophisticated tools to launch large-scale complex attacks. 

The truth is: Cybercrime is a highly organized business. If you want to fight against it effectively, it starts by understanding a few drivers that fuel successful attacks. 

Socioeconomic Factors Drive Cybercrime Patterns Globally

The motivations and tactics of attackers depend on socioeconomic factors in their geographic region. Disparities in wages and cost of labor, differing costs of living, and the comparative purchasing power of different currencies shift incentive levels among would-be fraudsters. For example, based on the value of the ruble compared to the US dollar, cybercriminals in Russia stand to gain four times the value from defrauding United States businesses as opposed to acquiring rubles.

On top of economic drivers, regions have different access to the technology needed to support sustainable cybercrime outfits. For example, while Ethiopia is a country with very weak purchasing power parity, it equally has one of the lowest internet penetration rates globally. With only 15% of the population having access to the internet it is an unlikely cybercrime hub.

Therefore, rather than the very lowest income countries having the greatest incentive to enter the global cybercrime field, it is the lower- and middle-income nations where financial incentive and opportunity converge to make cybercrime most appealing.

Top countries of origination for cyberattacks, Q3 2021

Attackers Have the Economic Edge on Businesses

Businesses are coming up against global cybercrime networks which are leveraging regions with high incentive levels, using the economic realities of different locations to their advantage. In recent years, businesses have tried to deploy a range of solutions to protect against these attacks but sometimes the cost of these tools may outweigh the revenue from those use cases.

cybercriminalsWhile this looks like a surprising amount of outgoing expenses for the fraudsters, they are able to keep costs low by casting their nets globally to tap into markets with very low overheads. For example, in some dark web marketplaces, the monthly cost of buying proxy servers can be around $350. Such services can provide more than 150,000 global IPs with unlimited bandwidth. $92 buys an attacker dedicated root server hosting, and a server's license costs $28. This means fraudsters can launch bot attacks at scale for about $470 dollars per month.

While cybercriminals’ costs are able to consistently drive profits operating this way, businesses are experiencing ever-expanding demands on their budgets. For a sustained fight against cybercrime to be successful long-term, we need to focus on eliminating the economic advantage of fraudsters versus the businesses they target.

The Vicious Cycle -- Successful Attacks Beget More Attacks

Despite extensive investments in bot detection, device identification and anti-fraud systems, companies have come to consider fraud as an operational cost of doing business. Order acceptance and conversion rates are being prioritized to the point that it has become acceptable to sustain regular fraud losses - as long as these losses are kept below a certain threshold.cybercriminalBut this line of thinking only exacerbates the problem, because the more successful attacks that take place, the better the fraud community’s ability to launch future attacks. As a result, fraud attack rates are steadily rising – despite the numerous anti-fraud measures deployed in many digital businesses.

The more successful attacks that are launched, means more profitability for fraudsters and in turn more money they can reinvest in further attacks. This perpetuates a vicious cycle of cyberattacks that, at the moment, show no sign of abating. 

So what can be done? It seems that businesses are fighting a losing battle, but hope is not lost. There is a surefire way to undermine cyberattacks, and that's by eliminating the economic incentive behind them. If attacks cease to become profitable, bad actors will have less motivation to launch them in the first place, and will also have fewer resources to draw upon to continue them. This breaks the vicious cycle and puts businesses in an offensive position while attackers reevaluate their attack tactics. 

That is exactly the ethos Arkose Labs takes in delivering long-term deterrence against attacks. By eliminating the economic incentive behind fraud and cyberattacks, businesses can ensure they and their customers are safe from bad actors.