Remember the last time you got a text that felt off? Maybe it claimed that your package was delayed or mentioned an unpaid toll, with a link to a website that looked legitimate. But what if that phishing attempt wasn’t the work of a lone scammer? Cybercrime today is a multi-trillion-dollar global industry with supply chains, business models, and growth paths like those of major corporate sectors. Every phishing email or suspicious text message is more than a random nuisance; it’s the visible sign of an underground economy. Cybercrime has grown into a professional industry with a trillion-dollar global impact, fueled by scalable infrastructure, automated tools, and organized criminal networks.
A new report, Cybercrime Supply Chain 2025, by Interisle’s cybersecurity team, uncovers this digital underworld, revealing an ecosystem whose size and complexity rival those of legitimate global industries. It shows how modern cybercrime has its own economy, vendors, and service sectors. The annual cost of cybercrime is expected to reach $10.5 trillion in 2025. If cybercrime were a country, it would be the fourth largest, closely following the United States, China, and India. This isn’t a minor threat; it’s a global economic force driven by theft, fraud, and disruption.

While criminals clearly profit from their actions, their actual earnings account for only a small share of the total economic damage they cause. The $10.5 trillion amount reflects not just direct losses to victims, but also the substantial costs of incident response, system recovery, regulatory fines, insurance claims, and long-term reputational harm. Attackers walk away with their payouts, but society bears the much larger burden, often hundreds of times more than what criminals earn.
One of the most surprising findings in the report is the extent to which cybercrime has become professionalized. Modern attacks are rarely built from scratch; instead, criminals use a well-developed service economy called Crime-as-a-Service (CaaS). CaaS providers give criminals all the necessary resources—including malware kits, phishing sites, spam tools, secure hosting services, domain registration, botnet leasing, and support. With just a few clicks and a payment, even someone without technical skills can launch a sophisticated attack. These providers offer updates, subscription levels, and even technical assistance. The tools for crime are now rentable products, with service contracts and subscriptions that lower entry barriers and help the criminal ecosystem grow continually.
The report highlights a recent Google lawsuit, showing that the criminal group known as Lighthouse runs a comprehensive platform that makes phishing easy for beginners. Lighthouse stands out not because it uses advanced hacking techniques, but because it easily gathers all the resources it needs from legitimate services. Its operators don’t rely on rare vulnerabilities or sophisticated exploits; they buy cheap domain names, hosting accounts, messaging tools, and other off-the-shelf products and combine them with stolen data and assets from criminal markets to run large-scale scams with minimal effort.
Interisle’s report found that 7.3 million domains linked to attacks were registered en masse, showing a 177 percent increase from the previous year. These are not isolated transactions. In one documented case, a single criminal operation registered 17,590 domains in eight hours through the same registrar.
As Karen Rose notes in her CircleID piece, “This cybercrime supply chain economy—one of high volume, low cost, and minimal friction—is what enables cybercriminals to reach global scale and profit from unsuspecting victims with so little effort.”
This mass production, enabled by automated domain registration tools, allows criminals to set up thousands of fake sites, swap them quickly when takedowns occur, and overwhelm defenders who try to block malicious domains one by one. By automating domain acquisition at a large scale, attackers stay constantly ahead of slower, more manual defense systems.
This raises an important question: What is needed to cut off cybercriminals from the infrastructure they depend on? The Interisle report states that the most effective strategy is not just to defend against individual attacks but to disrupt the entire supply chain. That involves targeting registrars and hosting providers that criminals exploit, requiring strong identity verification for high-volume domain buyers, using automated screening for suspicious registrations, and promoting more information sharing among security teams, registries, and law enforcement.
We can no longer rely solely on blocking individual phishing emails or shutting down isolated malicious domains. The only sustainable solution is to focus on the core operations of cybercrime itself, specifically the vendors, infrastructure providers, and marketplaces that enable large-scale attacks.
To combat cybercrime effectively, we need to shift our focus from individual attacks to a strategic approach that considers the supply chains, platforms, and services that support this hidden economy. Only by disrupting the underlying infrastructure can we significantly reduce the scope, profitability, and vast global impact of criminal networks.
The post The Hidden Economy Behind Every Scam Email appeared first on American Enterprise Institute – AEI.










