How to spend like a cyber criminal
We all know that there's money to be made from cyber crime, with even entry level hackers being able to make as much as $42,000 a year. But what do they do with that money?
An 11 month study by virtualization-based security specialist Bromium looks at what cyber criminals are earning, and what they spend it on.
High earners can make up to $2m a year according to the report, with mid-level criminals making up to $900,000 -- more than double the US presidential salary -- and entry level hackers making $42,000.
When it comes to spending, 15 percent of cyber criminals spend most of their money on the same sort of everyday things as the rest of us, such as buying essentials and paying bills. 20 percent though focus their spending on bad habits -- like buying drugs or paying prostitutes.
Spending to impress is practiced by 15 percent -- for example, buying expensive jewellery, and 30 percent of cyber criminals convert some of their revenues into investments -- such as property or financial instruments, and other items that hold value such as art or wine.
Reinvestment in further criminal activities, for example, buying IT equipment, accounts for 20 percent of cyber criminals' spend. Interestingly the report notes a growing market catering to cyber criminals by allowing them to buy things with virtual currency.
"Every time someone pays a ransom, they are participating in The Web of Profit," says Gregory Webb, CEO of Bromium. "Cyber crime is a lucrative business, with relatively low-risks compared to other forms of crime. Cyber criminals are rarely caught and convicted because they are virtually invisible. As criminals further monetize their business allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the king-pins becomes even more challenging. The cyber security industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams. By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder."