Week 2: The Dark Cybercrime Economy

Maleea m -

 

Trailing behind only the US and China, the Dark Cybercrime Economy has grown into a $10.5 trillion superpower, making it the world’s third-largest economy—and it continues to expand at an alarming rate of 15% annually.

The Rise of the Cybercrime Economy

Many have heard of the dark web, and if you are like me, I thought it was some basic-looking website selling body parts in a Craigslist fashion. Although that might have been a more realistic idea 20 years ago, today it couldn’t be farther from the truth. Cybercrime in the dark web has grown into a sophisticated, highly organized, corporate-functioning global industry.

These cybercrime organizations function much like Fortune 500 companies, with defined leadership structures, research and development teams, customer support, and even performance-based incentives for hackers. They recruit top talent from around the world, offering competitive salaries and bonuses in cryptocurrencies. Many of these groups specialize in specific areas—whether it be ransomware deployment, data brokerage, or exploit development—and collaborate with other cybercriminal enterprises to maximize efficiency. Some even provide subscription-based models and customer service for their “clients” (victims), ensuring smooth operations of receiving and reinstituting stolen data with technical assistance.

Cybercrime-as-a-Service (CaaS)

The emergence of Cybercrime-as-a-Service (CaaS) has made it possible for individuals with no hacking skills to launch a full-scale cyberattack using purchased services. This lowered barrier to entry is fueling the rapid expansion of cybercrime. With cyberattacks now easier than ever to deploy, large, high-value corporations are no longer the sole targets – smaller businesses, previously deemed unprofitable to attack, are increasingly at risk as cost-benefit ratio shifts in favor of cybercriminals.

Some services include:

  • Ransomware-as-a-Service -> Cybercriminals can rent ransomware kits to launch attacks without writing a single line of code. Profits (often in the millions) are then shared with the developers.
  • Phishing-as-a-Service -> Templates include email templates and fake login pages to steal credentials.
  • Malware-as-a-Service -> Malware creators sell or lease their trojans, keyloggers, and spyware to cybercriminals, allowing infiltration into systems.
  • Access-as-a-Service -> Compromised corporate accounts and network access credentials are sold to hackers, enabling them to infiltrate businesses effortlessly.

Project Update

This week, I have continued my Cybersecurity 101 course, completing beginner hacker simulations and deepening my knowledge of how to use Linux, a computer operating system.

Above is an image of running Linux commands (on the right) to navigate and edit files on a computer or a device’s microcontroller.

On one test, I was tasked with transferring $2,000 into “my” bank account on a virtual bank website. I used a command-line application called “Gobuster” to brute-force (a hacking technique that uses trial and error to guess passwords, encryption keys, or other login credentials)  FakeBank’s website to find hidden directories and pages. Gobuster takes a list of potential page or directory names (https://basisseniorprojects.com/flagstaff/academics) and tries accessing a website with each of them; if the page exists, it tells you. Once I was able to find the admin page, I input a “leaked”  password and username, allowing me to make money transfers.

Browser window showing website target.

“Fun” Frightening Fact of The Week:

Cybercrime is more profitable than the illegal drug trade.

Just say no to phishing scams: say yes to life.

More Posts

Comments:

All viewpoints are welcome but profane, threatening, disrespectful, or harassing comments will not be tolerated and are subject to moderation up to, and including, full deletion.

    samantha_g
    I still totally thought the dark web was all about selling body parts, it's nice to know it has moved away from that. CaaS sounds illegal to my no knowledge of cybersecurity mind, has there been any laws made against CaaS? Any laws made to try and stop it? No to phishing scams! Thanks!
    March 9, 2025 at 1:59 am - Reply
      maleea_m
      While there is still a side selling kidneys and eyeballs, the cyber-crime side has skyrocketed in recent years. CaaS is very illegal as well as very hard to control due to its borderless nature, often occurring across multiple countries making jurisdiction a nightmare. There are many laws worldwide against these kinds of attacks but not enough to stop them. Stronger regulations are needed!
      March 19, 2025 at 9:24 am - Reply
    mae_b
    This is fascinating stuff, Maleea. Is there anything everyday people (like me) with no knowledge of hacking can do to protect ourselves from cyberthreats?
    March 10, 2025 at 7:01 am - Reply
    mason_t
    Hi Maleea, it's crazy that cyber crime has grown so vast that it can be considered its own separate economy. Does this cyber-economy ever align with any one country or does it mostly just operate under whoever is paying?
    March 17, 2025 at 11:09 am - Reply
      maleea_m
      The economy typically operates without borders, but cyber operations can sometimes align with national interests. Countries like Russia, China, the U.S., North Korea, and Iran have been known to support or tolerate cybercriminal groups when their activities align with government objectives, such as espionage, political influence, or economic disruption.
      March 19, 2025 at 9:19 am - Reply
    eugene_j
    Hey Maleea! This information and the sheer enormity of cybercrime make me feel like you just revealed a whole underground world to us. If cybercrime can be compared to nation economies, is there a lot of competition between hacker groups, like with companies?
    March 28, 2025 at 2:20 pm - Reply

Leave a Reply to mason_t Cancel reply

Your email address will not be published. Required fields are marked *