Story image

What do cybercriminals spend their money on? Sex, drugs & toilet roll

14 Apr 2018

A new report has emerged that details just how much cybercriminals are earning - and it’s certainly nothing to sneeze at.

Bromium announced the findings of an independent study that reveals how income and spending have become almost cliché with no tax required and seemingly limitless opportunities to profit.

  • High earners make up to $2m/£1.4m – almost as much as a FTSE250 CEO

  • Mid-level criminals make up to $900,000/£639,000 – more than double the US presidential salary

  • Entry level hackers make $42,000/£30,000 – significantly more than the average UK graduate

Bromium CEO Gregory Webb says cybercrime is a lucrative business and relatively low-risk when compared to other forms of cybercrime.

“Cybercriminals are rarely caught and convicted because they are virtually invisible. As criminals further monetise their business allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the king-pins becomes even more challenging,” says Webb.

“The cybersecurity industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams. By focusing on new methods of cybersecurity that protect rather than detect, we believe we can make cybercrime a lot harder.”

The study collated first-hand interviews from 100 convicted or currently engaged cybercriminals in addition to dark web investigations to reveal their spending habits, which includes:

  • 15 percent of cybercriminals spend most of their money on immediate needs – such as buying nappies and paying bills

  • 20 percent of cybercriminals focus their spending on bad habits – like buying drugs or paying prostitutes

  • 15 percent of cybercriminals spend to attain status, or to impress romantic interests and other criminals – for example, buying expensive jewellery

  • 30 percent of cybercriminals convert some of their revenues into investments– such as property or financial instruments, and other items that hold value such as art or wine

  • 20 percent of cybercriminals spend at least some of their revenue on reinvestments in further criminal activities – for example, buying IT equipment

Obviously, cryptocurrency has a serious part to play given it is virtually untraceable, and Bromium says it is concerning to see the growing market to sell luxury products in exchange for digital currency.

The researcher behind the report, Dr Mike McGuire says it is fascinating to see the spending habits of cybercriminals.

“A lot of cybercriminals spend their money on increasing their status, whether that be with peers or romantic interests. One individual in the UK, who made around £1.2m per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could “arrive in style” to casinos and hotels," says Dr McGuire.

“Another UK cybercriminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cybercriminals are able to spend their illicit gains – there is an ever-growing market that is almost tailor-made for cybercriminals to make these ostentatious purchases with little to no regulation or oversight.”

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.