After conducting extensive research over a period of three years, a group of international researchers has successfully created the inaugural World Cybercrime Index. This groundbreaking index aims to pinpoint the primary hubs of cybercrime worldwide by evaluating and ranking the most prominent origins of cybercriminal activities on a national scale.
The Index indicates that a limited number of countries are home to the most significant cybercriminal risk. Russia leads the rankings, with Ukraine, China, the USA, Nigeria, and Romania following closely behind. The United Kingdom is ranked eighth on the list.
Cybercrime Categories Assessed
The five major categories of cybercrime assessed by the study were:
- Technical Products/Services (e.g. malware coding, botnet access, access to compromised systems, tool production).
- Attacks and Extortion (e.g. denial-of-service attacks, ransomware).
- Data/Identity Theft (e.g. hacking, phishing, account compromises, credit card comprises).
- Scams (e.g. advance fee fraud, business email compromise, online auction fraud).
- Cashing Out/Money Laundering (e.g. credit card fraud, money mules, illicit virtual currency platforms).
Professor Jonathan Lusthaus, co-author of the research conducted by the University of Oxford, UNSW Canberra, Monash University and Sciences Po, said cybercrime is predominantly imperceptible because perpetrators frequently conceal their actual whereabouts through the utilization of counterfeit identities and technological safeguards.
“Due to the illicit and anonymous nature of their activities, cybercriminals cannot be easily accessed or reliably surveyed. They are actively hiding,” commented Dr Lusthaus. “If you try to use technical data to map their location, you will also fail, as cybercriminals bounce their attacks around internet infrastructure across the world. The best means we have to draw a picture of where these offenders are actually located is to survey those whose job it is to track these people.”
Leading Cybercrime Specialists Surveyed
The Index’s foundational data was collected via a comprehensive survey conducted among 92 leading cybercrime specialists across the world. These experts are actively engaged in the realms of cybercrime intelligence gathering and investigations. The survey inquired about their perspectives on the five prominent categories of cybercrime outlined earlier, prompting them to identify the countries they perceive as the primary origins of each cybercrime type. Furthermore, the experts were tasked with evaluating and ranking each country based on the proficiency, technical expertise, and overall influence of their cybercriminals.
Co-author Dr. Miranda Bruce emphasized that the findings of the study will allow both public and private sectors to allocate their resources more effectively by targeting major cybercrime hubs. This strategic approach will result in reduced expenditure on cybercrime countermeasures in regions where the issue is less prevalent.
“The research that underpins the Index will help remove the veil of anonymity around cybercriminal offenders, and we hope that it will aid the fight against the growing threat of profit-driven cybercrime,” said Dr Bruce. “We now have a deeper understanding of the geography of cybercrime, and how different countries specialise in different types of cybercrime. By continuing to collect this data, we’ll be able to monitor the emergence of any new hotspots and it is possible early interventions could be made in at-risk countries before a serious cybercrime problem even develops.”
Professor Federico Varese from Sciences Po in France, who co-authored the study, emphasized that the World Cybercrime Index represents an initial stride towards comprehending the localized aspects of cybercrime generation worldwide.
“We are hoping to expand the study so that we can determine whether national characteristics like educational attainment, internet penetration, GDP, or levels of corruption are associated with cybercrime” said Professor Varese. “Many people think that cybercrime is global and fluid, but this study supports the view that, much like forms of organised crime, it is embedded within particular contexts.”
Mitigate Against Cybercrime Via SentryBay’s Zero-Trust Approach
From the research it can be deduced that endpoint devices accessing corporate networks represent a major threat to organizations. They can be managed or unmanaged, known, or unknown, but if they are unsecured, they can potentially give cybercriminals a way in via malware carrying a devastating payload of keylogger and screen capture capabilities. In this ‘hybrid working’ era, a zero-trust approach is one in which all users and all devices must be verified before they are given access to sensitive data, applications, platforms, and networks. The motto ‘never trust, always verify’ is important to remember and a good rule for companies to live by.
“SentryBay welcomes the World Cybercrime Index from the University of Oxford, UNSW Canberra, Monash University and Sciences Po,” said Tim Royston-Webb, CEO, SentryBay. “The research echoes what we at SentryBay have been saying for years, the threat posed by international cybercriminals must be mitigated via zero trust endpoint solutions. With cybercrime predicted to cost the world $9.5 trillion in 2024, SentryBay has developed a range of solutions to help government departments, enterprises, their customers, and partners arm themselves against the cybersecurity threats such as malware outlined in the World Cybercrime Index. However, Implementing zero trust is not straightforward. It needs to be regarded as a holistic exercise that envelops every part of an organization. It’s not a single solution or a platform, it’s an approach to the cybersecurity threat that must be built into an organization’s broad IT security strategy and preferably layered so that it can deliver the greatest protection.”