- The commodification and commercialization of ransomware and disinformation has made cybercrime increasingly possible in the era of digital everything.
- Such attacks negatively affect all sorts of people and businesses, as well as distorting elections and public health initiatives.
- Understanding the relationships, connections and behaviours of those involved – that is, the economics of cybercrime - can uncover the incentives that drive cybercriminals.
Economics is driving digitalization – both for businesses and for criminals. As the great digitalization of everything continues, distributed remote workforces and new digital dependencies that touch every facet of personal and professional life present a double-edged sword.
Have you read?
On the one hand, tech-enabled digitalization delivers efficiencies and flexible, agile processes. On the other hand, individuals and organizations find themselves connected to the expansive economy of threats that pervade the digital sphere.
The trade-off is clear: the more digitally dependent we become, the more we increase our attack surfaces and the more risk we incur. The economics of cybercrime takes advantage of these trade-offs. To understand it, we need to recognize that cybercriminals' ecosystems are fundamentally driven by sensitive personal information and our collective failure to protect it.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
The 2021 Identity Breach Report published by digital risk protection firm Constella Intelligence shows how two major technological threats – ransomware and disinformation – can be explained by looking at the economics of cybercrime.
The commodification of ransomware attacks
Ransomware is one of the most talked-about cyberthreats of 2021 so far. It involves cybercriminals installing malicious software that blocks access to an organization's computer system—including sensitive data and any assets stored on that system—until the owner pays up or meets the cybercriminal’s demands. Major, high-publicity ransomware attacks in 2021 have crippled the critical infrastructure of school systems, hospitals, and energy companies, with devastating effects.
The commodification and commercialization of ransomware seems to have peaked with the rise in ransomware as a service (RaaS) attacks. Such methods involve ransomware developers working with affiliate groups that distribute their ransomware and then benefit economically from the attacks. The ransomware groups can provide these affiliates with tools so that they do not even need advanced skills to participate in the attack.
The ubiquity of personally identifiable information (PII) is critical to the continued deployment of these potentially devastating attacks. Since one of the weakest links in cybersecurity is usually the human factor, a common entry point is through phishing. This kind of attack uses PII to generate a false sense of security in the victim and dupe them into falling for an attacker's advances. Through phishing, employees' devices are infected, internal corporate systems are infiltrated, and data is stolen using encryption that forces a company to pay to recover its own data. In this way, there is a clear and intimate relationship between PII and ransomware.
The impact of ransomware attacks on SMEs
The commercial viability of small ransomware attacks—with small and medium-sized enterprises (SME) as principal targets—appears to be surging. The US Senate Judiciary Committee even highlighted the impact of these developments on SMEs in July 2021.
The commodification of the tools and capabilities that enable successful ransomware attacks has enabled this threat to be repeated on a local scale. This shows the real effects of a fluid and dynamic economy in which threat actors can leverage diverse resources and data points to execute attacks.
The market-based features of the threat economy make it challenging to shut down. Understanding how this economy works, however, enables us to seek more effective solutions that target the network of incentives and actors driving these threats.
PII and disinformation
Disinformation, while often characterized by a more diverse set of motivations, also showcases the economics of cybercrime. Deliberately spreading false or manipulated information has proven highly effective at distorting key conversations on the public agenda, negatively affecting elections and public health initiatives, and jeopardizing the reputational and financial health of executives and companies. What seldom gets mentioned, however, are the economic goals and resources available to the producers of disinformation.
Constella's 2021 Identity Breach Report highlights how commodification and weaponization of PII contributes to the commercialization of the building blocks of the disinformation ecosystem and the broader threat economy. These include automated networks of bots, false accounts, and deepfake production capabilities – all of which are for sale in deep and dark marketplaces.
Like in any marketplace, the price of digital assets vary based on their functionality. Botnets and false accounts are frequently priced higher when they have an older creation date because this increases their chances of evading the detection algorithms of platforms like Twitter, Facebook and Instagram. Thus, the more PII that can be purchased in deep and dark marketplaces, or scraped from open sources like public social media channels, the more effectively cybercriminals can operationalize their efforts.
An ecosystem with incentives
Taking an ecosystem-level approach to understanding cybercrime pushes us to consider the relationships between the human, technological, and geopolitical spheres of influence that inform the interactions, behaviours, and outcomes driven by different actors in the digital sphere.
Incentives are tough to map and quantify. Through advanced analysis of trends and activity on the surface, deep and dark web, however, we can better understand threats and vulnerabilities as building blocks of a wider ecosystem of threat actors and their tactics, techniques, and procedures (TTPs).
In taking this view, disinformation or ransomware are not isolated, anomalous occurrences involving a few malicious actors. Rather, they are enabled by other structural factors in the ecosystem such as the proliferation and availability of PII, or the lack of effective regulation in a fragmented and rapidly evolving online sphere.
Creating more secure connections
In order to make real progress in addressing these challenges, institutions and technologists need to understand the incentives that drive the exploitation of vulnerabilities. And they must be able to assess these challenges within the context of the bigger picture of our shared technological and communications infrastructure.
At the World Economic Forum's Centre for Cybersecurity, leaders from governments, businesses, and academia work collaboratively to understand these incentives. Together we are building a collective response to cybercrime that makes our connected world more secure and more trustworthy.