Cybercrime Monetization: How Attackers Will Make Money in 2017 and Why It’s Getting Easier

In many Asian cultures, the number eight symbolizes wealth and prosperity. For cybercriminals, 2017 promises to be a lucky year indeed. As the digital underground evolves, attackers are finding new ways to turn breaches into profit. This article explores the key trends in cybercrime monetization for 2017, from ransomware to cloud compromises, and why the barrier to entry is dropping.

The Rise of Ransomware and Social Media as Revenue Streams

Ransomware remains a dominant force in cybercrime monetization. According to RiskIQ VP EMEA Ben Harknett, modern threat actors move fast, and seconds will count more than ever. Attack campaigns now go live within hours of account creation, lasting only a short time to evade detection.

Social media platforms are also being weaponized. Phishing and malware campaigns spread rapidly through fake profiles and malicious links. This low-cost, high-reach method allows criminals to target millions without sophisticated tools.

State-Sponsored Cybercrime: A New Level of Organization

Symantec’s Chief Strategist for EMEA, Sian John, warns that rogue nation states may align with organized crime for financial gain. The SWIFT attacks serve as a stark example, where state-backed actors stole millions by exploiting financial systems. This collaboration could lead to downtime for political, military, or financial infrastructures.

Therefore, cybercrime monetization is no longer just the domain of lone hackers. State funding brings resources and sophistication, making attacks harder to stop.

Cloud Infrastructure: The Next Big Target

Anomali senior threat researcher Aaron Shelmire predicts that cloud services will be a primary target in 2017. Security conferences have highlighted cloud-based persistence and compromise methods. Shelmire expects leading security organizations to detect malicious actors breaching cloud management infrastructure.

Malware designed to capture cloud credentials is on the rise. Once inside, attackers establish persistence through cloud management profiles, complicating intrusion timelines. This shift means cybercrime monetization will increasingly rely on cloud vulnerabilities.

Low-Sophistication Attacks Still Pay Off

Not all attacks require advanced skills. Mike Scutt, analytic response manager at Rapid7, predicts a surge in script-based malware and the use of native OS tools for execution, persistence, and reconnaissance. The dark web provides ready-made tools, lowering the entry barrier.

As a result, even less skilled criminals can profit. The websites hosting malware and phishing lures may last only hours, but the malware persists. Improved detection and response will help, but attackers adapt quickly.

How Businesses Can Defend Against Cybercrime Monetization

To counter these threats, organizations should invest in real-time monitoring and employee training. Phishing simulations and cloud security audits are essential. Additionally, adopting a zero-trust architecture can limit the damage from credential theft.

Building on this, companies must prioritize patch management and endpoint detection. As cybercrime monetization evolves, proactive defense is the best offense.

For more insights, read about ransomware prevention strategies and cloud security best practices. Also, check our guide on social engineering awareness.

In conclusion, 2017 marks a turning point in cybercrime monetization. Attackers are more organized, better funded, and leveraging low-sophistication methods with high success. Staying informed and vigilant is key to protecting assets.