An academic research project to gain insight into which countries commit the most cybercrime ranked the usual suspects – Russia, Ukraine, China and the US – at the top, but Nigeria ranked fifth. , we also found a relatively surprising country, Romania in second place. 6th place, Brazil 9th place.
Countries with high technology levels typically score fairly high on the World Cybercrime Index (WCI). This is especially true if those countries have state-sponsored actors that overlap with cybercrime groups. However, a university research effort by academic institutions in the UK, Australia and France found that out of five areas, Nigeria received top scores for fraud and Romania received high scores for data and identity theft. In one, the other country had the upper hand.
Cybersecurity experts have long associated different countries with different types of cybercrime. For example, Russia for banking and ransomware, and China for intellectual property theft and financial crime. This is the first time researchers have been able to compare different countries based on specific criteria. Commenting on the attribution and cybercrime approach, Miranda Bruce, a postdoctoral fellow in sociology at the University of Oxford, said:
“A closer look at these five indicators can provide a deeper understanding of each country's characteristics as a cybercrime hotspot,” she says. “Nigeria is number 1 on the fraud index, but between 5th and 10th on the other four cybercrime types. That is clear, but it is also clear that we are specializing as a country.”
Researchers collected survey data from 92 cybercrime experts and asked them to choose the top five countries for cybercrime in five different crime categories. Attack and extortion. Data and identity theft. fraud; and cash-grabbing and money laundering. For each country, participants were asked to rate the country on the impact of crime, professionalism of actors, and technical skills.
Top 15 countries ranked by overall global cybercrime index.Source: Ploswan
Cybercrime experts named a total of 97 countries, according to . Papers published by the group Published in the journal PLOS One.
But WCI scores may not be able to distinguish between true cybercriminals residing in a country and mercenary groups operating on behalf of sponsors in that country, said research and data officer DomainTools, a domain security services company. said Sean McNee, Vice President.
“When assessing regional cybercriminal groups such as Russia, China, Iran, and North Korea, determine whether they are operating purely autonomously or on behalf of a nation-state sponsor. That's always difficult to do,” McNee said. “This makes it more interesting to investigate cybercriminals in other countries, such as Nigeria, India, and Brazil.”
Low technical score, high threat
Nigeria's top performance in the fraud category, which researchers lump together with advance payment fraud, business email fraud, and online auction fraud, shows that a highly developed cybercrime ecosystem does not necessarily require advanced technical skills or infrastructure. It highlights what is not needed.meanwhile Nigeria prioritizes cybersecurity capabilitiesThe country remains a hub for email fraud, as evidenced by the case of a Nigeria-based group committing romance scams to US-based nationals. was sentenced earlier this year.
Romania, which ranked sixth on the list, has a long history of hosting a cybercrime ecosystem, so its ranking is a bit surprising, said Chester Wisniewski, director and field CTO at cybersecurity company Sophos. says Mr.
“Romania has always had high levels of cybercriminal activity, probably due to its highly educated population and its proximity and relationships with neighboring cybercriminal states such as Ukraine, Russia and Moldova,” he says. “Romania is cooperative in the detection of cybercrime, but I'm not sure if it's inherently that aggressive.”
Oxford University's Bruce said researchers are looking at how the Global Cybercrime Index correlates with other country characteristics, such as gross domestic product (GDP), income inequality, internet penetration, and corruption. He also said he plans to investigate how cybercrime policies affect countries' scores. Say.
“There is still much to learn about how and why countries such as Russia, China, and the United States became major cybercrime hotspots. However, the countries that appear at the bottom of the index It will teach us more about the nuances of cybercrime,” she says. “In other words, it is a particular combination of factors that allows a region to become an economic hub for cybercrime activity. It is important to keep an eye on these countries and regions in the coming years.”
room for improvement
Unfortunately, this data provides little actionable information for defenders, but it could be useful for policymakers and diplomats interested in influencing countries to gain cooperation. says Sophos' Wisniewski.
“If these statistics are accurate, only the countries on the list are in a position to address the problem of being a source country for cybercrime,” he said. “Many of the people on the list not only have no interest in lowering their rank, they may even be proud of it.”
The researchers conducted this study in 2021, so unfortunately that means the rankings are out of date, and the cyber threat landscape including Russia's invasion of Ukraine, the recent rise in romance scams, and the rise of cryptocurrencies. does not include major changes. It's a scam from North Korea, says McNee of DomainTools.
“This suggests that encouraging policies that promote the technology sector in these countries – turning cybercriminals into entrepreneurs – could have a net positive impact on their economies. ” he says. “It may be more useful to track these trends in downstream countries of the WCI to promote such policies before a notable cybercrime industry takes root.”
