Security Awareness: Cybercrime Gangs to State-Sponsored Hacks

By Rebecca Tague, Security Analyst

12 Jan, 2023

Cybersecurity is a significant topic that is always evolving. Q2 Security Analyst Rebecca Tague tackles the topic of cybercrime. Check back over the coming weeks as Rebecca looks at Fast Identity Online (FIDO) authentication and Business Email Compromise attacks.

Cybercrime has been more profitable than the global illegal drug trade since 2013. By 2025, cybercrime is estimated to cost the world in the ballpark of $10.5 trillion annually. To put that in perspective, the United States has a nominal GDP of about $21.5 trillion. This vast shift of capital into the hands of criminal groups threatens innovation, livelihoods, and the world economy. However, the individuals behind the mask of these hacks are not always who we would expect.

While some are motivated purely by financial gain or activism, others are backed by a national government. Nation-state hackers are given a 'license to hack' by their governments, meaning they can hack and wreak havoc without fear of legal retribution (at least within their own country). Even with their own nation turning a blind eye, other countries can still prosecute nation-state-backed hackers. In July 2021, the U.S. Department of Justice unsealed an indictment charging four Chinese nationals with facilitating an array of hacks on companies, universities and government agencies within the United States and abroad between 2011 and 2018. These individuals belonged to a group known by many names, most commonly Leviathan or APT40. The label APT stands for 'Advanced Persistent Threat' and is most often applied to state-sponsored or state-aligned groups with political or economic objectives. Groups given the 'APT' label typically gain unauthorized access to a network and then work to stay undetected for an extended time, expanding their foothold to maximize their impact. Many organizations struggle to close the backdoors left behind by nation-state intrusions, and those backdoors leave a path for script kiddies and other unorganized attackers to take advantage of. Organized and nation-state-backed intrusions are among the most dangerous threats in the cyber landscape. In the United States, the likelihood that an organized cybercrime actor is detected and prosecuted is estimated to be as low as 0.05% (according to the World Economic Forum's 2020 Global Risks Report).

The bulk of crime online is carried out by cyber crooks motivated by monetary gain. One such group has been in the news recently: LAPSUS$. This group is a less organized ring, mainly made up of teenagers looking for clout and money. They have claimed responsibility for hacks on companies including Nvidia, Samsung, Ubisoft, Okta, and Microsoft. Groups like this usually last only a short while because of internal conflict. In March of this past year, seven individuals ranging in age from 16 to 21 were arrested. This was made possible because the members were squabbling internally, which escalated to them posting each other's full names and addresses in their own Telegram channel and eventually led to their arrests. Individuals within these less organized groups typically do not need deep technical knowledge, as they rely more on social engineering and tricks they learn from Dark Web forums, and they often use dated ransomware and malware bought on underground forums. That is why it is vital to always keep your software and devices updated to patch known vulnerabilities: old malware depends on old, already-fixed flaws. Since the pandemic, many cyber crooks have shifted their focus to cryptocurrency and NFTs. These groups can cause significant damage; however, encrypting data, using MFA wherever possible and utilizing anti-malware technologies can help keep you and your data safe.

With the current geopolitical landscape, it is worth noting another group that performs cybercrime: hacktivists. These individuals and groups typically act in retaliation against a political power, and many actions carried out under the banner of hacktivism are claimed in the name of the group Anonymous. While Anonymous may have been a more organized group at one point, it has now become a mask that any individual can wear to keep their anonymity while retaliating against a government. We can see a few different uses of this mask in the Russia-Ukraine war and after the death of Mahsa Amini in Iran. In March, hackers launched a massive DDoS attack against Russia's top-level domain ('.ru') with the goal of cutting access to every site under that domain. Files were also claimed to have been stolen from the Russian space agency, Roscosmos, under the Anonymous banner, in retaliation for Russia's invasion of Ukraine. More recently, Iran also experienced attacks claimed by Anonymous after the death in custody of a 22-year-old woman who had been detained by the morality police for wearing an 'improper' hijab. These attacks have been aimed at taking down official Iranian sites and the country's state television. Essentially, Anonymous has become the catch-all banner for hacktivism worldwide.

There are many grey areas between these three main categories of cybercrime, both in the victims they choose and in the tools they use. As with many other types of crime, cleaning up the mess the hackers leave behind is often more expensive than the bounty they walk away with. According to IBM's 2022 Cost of a Data Breach report, the average cost of a data breach is about $4.35 million, a 2.6% increase from 2021. Cybersecurity begins at the top. The current status quo in our cyber landscape is unacceptable: by 2025, the cost of cybercrime is on track to reach nearly HALF the GDP of the world's wealthiest nation. At that point, it may be too late to have any effective means of protecting ourselves and our data. That is why we must act now to fortify our laws and technology to stay ahead of criminals.
