Russia and Ukraine topped a list of cybercrime-producing nations, followed by China and the United States, with African nation Nigeria rounding out the top five.

These were the results from three years of research, according to a study published in the scientific journal PLOS ONE, Mapping the global geography of cybercrime with the World Cybercrime Index, written by researchers at the University of Oxford and the University of New South Wales (UNSW) Canberra.

The report, focused on profit-driven cybercrime, was based on input from 92 cybercrime experts. They were tasked with assessing five major categories of cybercrime: technical products/services, attacks and extortion, data/identity theft, scams, and cashing out/money laundering. Participants nominated the countries they believed to be the most significant sources of each type and provided ratings for each such country based on the offenses’ impact. They also gauged the professionalism and technical skills of the offenders originating from those countries. The dataset and relevant documents are available on the Open Science Framework.

From these expert responses, the researchers generated scores for each cybercrime type, aggregated to create an overall metric of cybercriminal activity known as the World Cybercrime Index (WCI).

Nigeria’s prominence stems in part from numerous business email compromise (BEC) and romance scams linked to money laundering, while Russia’s war with Ukraine has impacted government organizations and private companies in the United States.

China has long been a source of worry for U.S. officials as a major state sponsor of cybercriminal activity, which also shows no sign of abating. In March the U.S. and U.K. accused the country of a multi-year cyberespionage campaign.

Alarm, but No Surprises

Casey Ellis, founder and chief strategy officer at Bugcrowd, found none of the findings all that surprising. “Of the superpowers, Russia has a clearly integrated cybercrime ecosystem which operates alongside its nation-state interests, and China has long been known to conduct economic and intellectual property espionage in the West,” Ellis said.

Ellis called Ukraine a “hotbed of technical proficiency” and noted Nigeria’s reputation as a cybercrime hub, dating to the “Nigerian prince” 419 scams, advance-fee fraud schemes that were common in the late 1990s.

As for the United States and UK, “The combination of access to talent and their huge populations explains their presence on this list – even though it was compiled by a ‘Western’ group of researchers,” Ellis added.

Nigeria’s professionalism and technical score are outliers in the top eight, Ellis said. However, what the region lacks in sophistication it makes up for in persistence and voracity. “It illustrates that technical excellence, while useful, isn’t the most important thing,” he said. “Scams, which are comparatively easy to execute, are effective if the attacker is playing the numbers game.”

WCI Findings Valuable “First Step”

While valuable for historical context and educational purposes, the data’s limited scope from March to October 2021 poses challenges for practical use by defenders, said Ngoc Bui, cybersecurity expert at Menlo Security.

Despite these limitations, the index provides a valuable, albeit brief, historical view that can serve educational purposes, helping intelligence analysts grasp a snapshot of an ever-changing landscape, Bui said. “It’s hard to say how actionable beyond strategic planning this data can be, but that doesn’t take away from small lessons we may learn from it.”

Geopolitical events can easily and dynamically shift cybercrime dynamics by escalating cyberattacks as part of warfare, affecting both nations’ rankings. “These conflicts might also lead to increased state-sponsored activities and a rise in hacktavism, further influencing the global cybercrime landscape,” Bui said.

From the perspective of Sarah Jones, cyber threat intelligence research analyst at Critical Start, the WCI dismantles the stereotype that cybercrime is solely a problem for developing nations.

“The presence of developed countries like the U.S. in the top rankings underscores the global nature of the threat and the need for a worldwide commitment to cybersecurity,” Jones said. The WCI rankings offer a “valuable first step” towards understanding the geographical variations in cybercrime, allowing for a more targeted approach to combating cyber threats across the globe.

Jones agreed with Bui that leveraging the WCI for actionable insights presents defenders with some challenges. “The reliance on expert opinions, which can be subjective and influenced by individual experiences, creates a margin of error,” she said.

Additionally, the fast-paced nature of cybercrime means the WCI’s data might not always reflect the latest trends as criminals adapt quickly. WCI focuses on broad categories, lacking specifics about criminal groups or infrastructure within a country, which limits defenders’ ability to take highly targeted action, Jones pointed out.

Photo credit: Jametlene Reskp on Unsplash