You seem to be implying that 80% of com/net domains are used for cybercrime, which is not a sound conclusion from those numbers. You're confusing "percent of all domains" with "percent of crime domains". You can't just divide them to get something meaningful.

No, the statement was that ".net and .com are still pulling 80% of their weight when it comes to cybercrime." I read that as saying that .net and .com domains show up in cybercrime 80% as often as would be expected if all TLDs were equally likely to be used for cybercrime.