Cybercrime is the No. 1 concern for managers at multinational companies and a contributing factor in the slowing global economy, according to a new report. While the rise of cybercriminals has caused hundreds of millions of dollars of damage to individuals, companies and even governments in recent years, it has also led to the rise of cybercrime gangs who are earning hundreds of millions but who are operating like any legitimate startup would. Meet the cybercrime unicorns.
Unicorns are mythical creatures and in many ways so too are many of the billion-dollar tech companies given the same name, with valuations based on little more than potential and no revenue to speak of. On the flip side, cybercrime gangs are hugely profitable with small teams of dedicated experts, with no investors to answer to and no IPO to plan for.
"If you have a cybercrime organization and you are losing money, you are doing something wrong," security researcher Mikko Hypponen, who first coined the term cybercrime unicorn, told International Business Times. According to a study by the Ponemon Institute, the average annual losses to U.S. companies from cybercrime in 2015 exceeded $15 million, a 15 percent rise over the previous year. The Clements Worldwide Risk Index for 2016 suggests that cybercrime is the number one threat feared by managers at multinational corporations and is slowing the level of investment and expansion. “Stealing critical data on customers, employees, products and business partners inflicts far more actual and potential damage than any physical theft ever could,” said Chris Beck, president of Clements Worldwide.
— Mikko Hypponen (@mikko) January 15, 2016
While the effect on legitimate businesses is worsening, the rewards for the criminals is only increasing. According to a report from the Cyber Threat Alliance, the cybercrime gang operating the pernicious ransomware called Cyptowall has amassed a fortune of over $325 million. The researchers were able to reach this figure by tracking the bitcoin wallets the gang used to store the ransoms paid by hundreds of thousands of victims across the globe.
One of the key aspects of tech unicorns like Uber and Airbnb, is that they have backing from investors sometimes worth billions of dollars. Due to limited information available about the murky and shadowy world of cybercrime, it is unclear if a similar set up exists for these criminal gangs, but Hypponen does not rule it out. The researcher says it is possible there are "honchos in the shadows" who get these groups up-and-running, but "we know very little about these cybercrime groups" so it is impossible to say with any certainty.
What we can say for certain is that many of these gangs have setups operating just as any startup would. While they may lack the beanbags, free food and Friday afternoon ping-pong matches, their operations are run like any business in order to maximize profits.
In the university city of Tartu in Estonia, Rove Digital established its offices and, from the outside, it looked just like any other legitimate Internet service provider (ISP), with an official website and at one point it posted more than $5 million in revenue and had more than 50 employees.
Rove Digital was however a sophisticated cybercrime operation run by Vladimir Tsastsin which infected more than four million PCs in over 100 countries using malware known as DNSChanger with the U.S. government claiming this one operation alone earned the criminals $14 million before an FBI-led sting saw Tsastsin and his colleagues arrested. In July 2015 Tsastsin pled guilty to wire fraud and computer intrusion charges and faces a maximum 25 years in jail.
"This was a startup for all practical purposes," Hypponen says. "except that it was in the business of cybercrime."
Comparing cybercrime gangs to tech unicorns is of course problematic. These are not private companies which have valuations and while the likes of Snapchat, Palantir and Airbnb have to pay taxes and abide by laws and regulations, these criminal gangs operate as they want.
While most of the world's unicorns are located in Silicon Valley, the majority of cybercrime gangs operate out of the former Soviet states, including Russia, Ukraine, and Estonia. However they are not limited to these locations with significant operations being run out of other European countries like Romania and Moldova while more recent cyrbercrime hotspots include Vietnam and Brazil.
Hypponen says that one region of the globe has yet to establish itself as having a significant cybercrime presence, but he worries that in the coming years, Africa could product the next cybercrime unicorn. "I am worried about whether we will see more cybercrime coming out of Africa, hitting the rest of the world," Hypponen says -- and other experts agree. The reason for his concern is the exponential growth in connectivity which the continent is expected to experience in the coming years.
At the moment the outbound bandwidth of the entire continent, which has a population of 1.1 billion, is the same as that of Finland, which has a population of 5 million. With companies like Facebook and Google are aggressively investigating ways to quickly connect the continent, this could mean that just like the rest of the world, Africa could soon be home to major cybercrime operations.