A recent academic study and dark web investigation found that elite cybercriminals can typically make up to $2 million per year. And how do they spend their money? Like everyone else... paying their bills, investing in their futures, and traveling the world in style while splurging on jewelry, drugs and prostitutes. (Okay, so maybe not like everyone else.)

Dr. Mike McGuire, senior lecturer in Criminology at the University of Surrey, U.K., spearheaded the study, which drew conclusions from first-hand interviews with cybercriminals, data from international law enforcement agencies and financial institutions, and dark web observations. The research was sponsored by Bromium, which published some of the more intriguing findings in a two-part blog post.

In a survey of 100 cybercriminals, McGuire found that 30 percent primarily spent the highest share of their ill-gotten revenues on long-term investments including property, financial instruments, art and wine. Twenty percent said they spent the brunt of their earnings on drugs, prostitutes and other vices, while another 20 percent focused on buying IT equipment and other assets to reinvest in their criminal operations.

Meanwhile, 15 percent said spent their funds on basic day-to-day needs like diapers and bill payments, while another 15 percent spent on items that helped them attain status, like expensive jewelry and cars.

"One individual in the UK, who made around £1.2 million per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could arrive in style to casinos and hotels," said McGuire, via the Bromium blog post. "Another UK cybercriminal funneled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes."

According to the study, cybercrime's highest earners typically can make up to $2 million dollars annually, while mid-level criminals generate up to $900,000 and entry-level criminals make around $42,000.

"As criminals further monetize their business, allowing anyone to buy pre-packaged malware or hire hackers on demand, the ability to catch the kingpins becomes even more challenging," said Gregory Webb, CEO of Bromium. "The cybersecurity industry, business and law enforcement agencies need to come together to disrupt hackers and cut off their revenue streams."