Where do cyber threats come from?

Cyber attacks, online scams, etc.: the cost of cybercrime around the world is growing, not only financially but also in terms of corporate reputation and people's privacy. Until now, the dominant approach to cyber security has been technological, aimed at raising the level of protection of digital infrastructures and detecting intrusions into networks. However, it is difficult to know where cybercriminals are operating from, because of the strategies they use to mask their location. Yet, locating the perpetrators of cybercrime would enable us to understand the social and economic context in which these people live and to explore long-term social solutions for combating this type of crime.

A team of researchers in France, the UK and Australia surveyed nearly a hundred leading cybercrime experts based around the world. These experts were asked to name the main source countries of profit-driven cybercrime (state-sponsored crime is not included in this ranking).

Five categories of cybercrime were considered: technical products or services (e.g. malware coding, botnet access, etc.), attacks and extortion (e.g. denial-of-service attacks, ransomware, etc.), data or identity theft (e.g. phishing, etc.), online scams, and finally cashing out or money laundering (e.g. credit card fraud, 'money mules', etc.). For each, the experts had to name up to 5 countries that they considered to be hotspots, and then assess the level of impact, professionalism and technical skills of the cybercriminals in these countries.

The researchers used the results of the survey to draw up a World Cybercrime Index, which allows countries to be compared with each other. Scores by category of cybercrime were also computed.

“Profit-driven cybercrime, often seen as a fluid and global type of organized crime, actually has a strong local dimension”, the authors explain. "Most cybercrime is produced in just six countries." 

Overall, Russia came top, followed by Ukraine, China, the United States, Nigeria and Romania. Each of these countries also ranks in the top 10 for each of the five threat categories. However, 97 countries have been identified by at least one expert as a hotspot for a particular category. France came 30th in the overall ranking.

The World Cybercrime Index also shows how some countries specialise in one or more types of cyberthreats. For example, Nigeria ranks first for online scams, North Korea comes just behind Russia and Ukraine for attacks and extortion, while cashing out and money laundering are the top category in the UK.

This index could therefore enable public and private stakeholders to target their efforts where they are most useful, in particular by differentiating between types of cybercrime.

While the first wave of the survey was conducted in 2021, a second wave is currently underway. 

“This study confirms that cybercrime, like all forms of organised crime, takes place in specific contexts", Federico Varese said. “We are hoping to expand the study so that we can determine whether national characteristics like educational attainment, internet penetration, GDP or levels of corruption are associated with cybercrime."

The World Cybercrime Index is an outcome of the CRIMGOV research project (2021-2026), aiming to study in depth a broad range of organised crime, from cybercrime in Europe, to the international trade of drugs from Colombia to Europe, and the emergence of criminal governance inside and outside prisons. It is funded by a European Research Council (ERC) Advanced Grant awarded to Federico Varese. 

In addition to Federico Varese, the team comprised scholars from the University of Oxford (UK) and Monash University (Australia).

Reference

Bruce M, Lusthaus J, Kashyap R, Phair N, Varese F (2024) Mapping the global geography of cybercrime with the World Cybercrime Index. PLOS ONE 19(4): e0297312. https://doi.org/10.1371/journal.pone.0297312