From: Investopedia

by Thursday Bram

Cybercrime represents an underground economy of $114 billion. It’s organized, employs expert hackers and operates like any legitimate economy. MBAs and other business experts can choose  big targets for cybercrimes, just as they might plan the strategies a  business employs. On the other side of the equation, the cybersecurity industry is in a rut, practically guaranteeing the continuing operation of cybercriminals. Let’s take a look at how the underground Internet economy operates.

Low Barriers to Entry

You might expect that the costs of getting into the cybercrime business are high, but it’s not nearly  as expensive as you might think. Most of the tools and data that a cybercriminal  needs can be picked up on the cheap. Hiring a botnet can be a luxury item at $225, but a keystroke logger is about $20 and website hosting for a phishing scam can be as low as $10. Even labor costs can be low: many of these crimes no  longer require an expert hacker. Someone with just a little technical knowledge can go shopping online for the tools to commit cybercrimes on an almost automatic basis. Commonly, a criminal will purchase a set of tools to steal  information and then turn around and sell that information to someone else to  exploit, just as legal businesses might form supply chains.

Cybercriminals Interact Freely

The cybercrime economy exists somewhat openly: there are web-based forums and other websites where cybercriminals list tools and  information for sale and discuss future projects. An outsider could almost think he was visiting any legitimate industry forum. While marketing both the tools of the cybercrime trade and the information gathered through different exploits is not as simple as promoting a legal enterprise, these sites are full of offers.

Modern Cybercrime

A few years ago, most efforts to commit crimes online were directed toward breaking into Windows-based computer systems. Now, hackers are targeting smartphones and tablet systems that are commonly run with minimal protection against viruses and malware, at least compared to desktop computers. This targeting is especially concerning because mobile platforms are becoming one of the key areas where many people and organizations handle financial transactions.

Credit Card Information Theft Is King

The most popular type of information for sale through these underground markets is credit card details, since it is much easier to make a purchase online using a credit card than it is to drain a bank account or steal an entire identity. That being said, bank account information is also a popular commodity.

Many of the criminals buying up information that will allow them to  access others’ financial accounts will proceed with surprising patience. Rather than immediately running up huge charges or completely emptying a bank account, they may create smaller fraudulent transactions, hiding them during busy seasons like the holidays, so that the fraud is much harder to detect. These criminals are taking a longer view with a goal of stealing more money, albeit slowly.

No Recession for Cybercrime

The cybercrime economy is thriving during a time when legitimate enterprises are struggling.  The costs of dealing with these crimes are mostly paid by large organizations, such as banks, and both prevention and damage control require larger investments in cybersecurity. But even with the new initiatives, laws and tools for combating  cybercrime, those costs are going to continue to grow.

The Bottom Line

There are numerous organizations and individuals suggesting that cybercrime  may get significantly worse in the years to come, especially in light of how easily the techniques and tools of cybercriminals can be turned to cyberwarfare  and cyberterrorism. The only solution is for the cybersecurity industry to catch up with its illegal counterpart.