Experts explain the Return on Investments in the cybercriminal underground

How much is the return on investment in the cybercriminal underground? Let’s dig a report recently published by threat intelligence firm Recorded Future to find the answer.

Cybercrime is a profitable business and the returns of investments can be enormous, this is what emerged from another interesting research of the threat intelligence firm Recorded Future.

It is cheap and simple for wannabe hackers to set up their own botnet, a banking trojan can be paid from professional malware developers for $3,000–$5,000.

Web-injects to intercept credentials for bank account goes from $100 up to $1,000, and of course, crooks need a bulletproof hosting that can cost $150 to $200 per month, while payload obfuscation tools to avoid detection can cost up to $50.

Another crucial aspect of the illicit business is the cash out, researchers from Recorded Future reported that there’s the 50%- to 60% commission wannabe crooks need to pay from the money you steal from each victim’s account if they want it professionally laundered. The money can be delivered in Bitcoin, Western Union, or other direct methods by paying a supplementary fee of 5% to 10%.

“Once the malware is successfully planted and banking credentials intercepted, the perpetrator has to work with a chain of mule handlers and money-laundering intermediaries to receive a final pay-off.” states the analysis from Recorded Future.

“A money launderer with a stellar reputation and is capable of quick turnaround, will charge a hefty 50-60 percent commission from each payment transferred from a victim’s account. In some cases, an additional 5-10 percent commission might be required to launder the funds and deliver it to the main operator via preferred payment method, such as bitcoin, Web Money, or the Western Union.”

According to Andrei Barysevich, director of advanced collection at Recorded Future, the costs can add up and the paybacks are enormous.

“We estimate the average ROI of a botnet operation to be between 400% to 600%,” Barysevich explained.

Which kind of return has the illegal activity?

The returns are both direct and indirect, of course, the main income is related to the funds stolen from the bank accounts, but crooks can also earn selling the login credentials at $100 to $200 a pop, or offering a service of per-demand malware installation on the compromised devices.

The dark web is an excellent aggregator for the crooks, this is the right places where it is possible to find the above services.

Economics like this are driving enormous interest in malware goods and services on the Dark Web. Researchers are observing that the cybercrime underground is evolving to highly specialized products and services.

A malware for launching a distributed denial-of-service attack can cost $700 and the overall infrastructure for a spam or phishing campaign can run into the thousands.

“The cybercriminal underground is quite verticalized, with threat actors specializing in particular areas of expertise. It is this distribution of expertise that contributes to the underground market’s resiliency. Similar to drug cartels, once you remove one threat actor or forum, rivals will immediately take its place.” continues the analysis.

The underground market is capable to satisfy any need of newbies and script kiddies just as efficiently as it can help the most sophisticated criminal groups and nation-state actors, this is very scaring.

Cyber attacks are rarely conducted by a single individual operating in isolation, any campaign requires expertise across multiple disciplines to maximize the profit … and any expertise has its price in the criminal underground.

The experts did not observe significant price fluctuations in the offer of illegal products and services in the cybercriminal underground.

“based on experience, we can say a majority of the services and data types have not seen significant price fluctuations,” Barysevich added.

Enjoy the report!

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – cybercrime, criminal underground)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.