Cybercrime surges as global threat to national security
Cybercrime has become the predominant form of malicious activity online, surpassing state-sponsored hacking and posing an increasing threat to national security, according to recent conclusions drawn by the Google Threat Intelligence Group.
Mandiant Consulting's data highlights this trend: in 2024, there were nearly four times as many cyber intrusions motivated by financial gain as there were intrusions linked to state actors.
Despite this, the significance of cybercrime is often underestimated within the national security community, even though it threatens critical infrastructure, public health, and economic stability.
One sector heavily impacted is healthcare, where ransomware attacks have doubled over the past three years. These incidents disrupt patient care and have been tied to increased mortality rates. The urgency inherent in medical services makes this sector particularly attractive to cybercriminals.
The energy sector has also been identified as critical infrastructure at risk. Incidents such as the 2021 Colonial Pipeline attack and various breaches in European refineries have demonstrated the potential for cybercriminals to cause widespread shortages and economic disruption.
On a global scale, the economic impact of cybercrime has been significant. One notable incident was the 2022 CONTI ransomware attack on Costa Rica, which led to a national emergency and had a severe economic impact. Business email compromise schemes over the last decade have resulted in approximately USD $55 billion in global losses, as documented by the FBI.
State-sponsored cybercrime is experiencing a new phase, characterised by collaboration between governments and cybercriminal networks to achieve strategic objectives. Examples include Russia's GRU, which has used cybercrime malware in Ukrainian attacks, as well as Iran and China integrating espionage with financially motivated ransomware efforts. North Korea has also leveraged cybercrime, particularly by targeting cryptocurrency, to fund government and military programs.
The advent of Data Leak Sites (DLS) marks another aspect of these evolving cybercrime tactics. With the number of DLS almost doubling since 2022, these sites have been used to extort organisations by threatening to release stolen data if ransom demands are unmet.
There is an increasing overlap between cybercrime and state espionage, with collaboration between cybercriminals and national security agencies, especially during geopolitical conflicts. Russian agencies have, notably, relied on the cybercriminal ecosystem for executing rapid and deniable operations. Some examples include the GRU's APT44 deploying ransomware against Ukraine and NATO assets, and other Russia-linked groups using stolen data and tools for cyber operations.
Similar tactics have been seen beyond Russia. Iran's UNC5203 group has utilised Russian-developed malware to target Israeli nuclear research, and China's UNC2286 has used ransomware as a guise for espionage activities. North Korean actors, including groups such as APT38, are known for using cybercrime to financially support state programs.
The report outlines a series of recommendations to combat this rising tide of cybercrime. It calls for recognising these activities as a threat to national security, bolstering cybersecurity defences at both government and corporate levels, and fostering international collaboration to dismantle cybercriminal networks. There is also an emphasis on education concerning cyber hygiene to prevent such incidents and advocating for stronger private-sector security practices to reduce potential vulnerabilities.
Cybercrime's reach now extends beyond individuals' financial losses, presenting a broader national security risk. As it continues to intersect with state-sponsored espionage and disrupt essential infrastructure, a unified international response is deemed essential to counteract this growing influence.
Organisations and individuals alike are encouraged to improve cybersecurity resilience and to contribute to intelligence-sharing efforts, aiming to hold cybercriminals accountable.