Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns

News
By
published

Financial motivations much more prominent than national security threats, report warns

Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
(Image credit: Shutterstock)
  • Google's Threat Intelligence report says cybercrime worse than ever
  • Healthcare is yet again a top target for cyberattacks
  • Nation-state actors are using cybercrime to raise money

Despite widespread coverage of cyberattacks from the ‘Big Four’, Russia, China, Iran, and the Democratic People’s Republic of Korea (North Korea) - Google’s Threat Intelligence Group Cybercrime Report reveals almost four times more intrusions were conducted by financially motivated actors in 2024 than state-backed attackers.

The report outlines the company's Mandiant arm's threat responses in 2024, and reveals it’s not just national security threats countries should be worried about. Any attack on critical infrastructure, no matter who’s behind it, can have devastating effects on people’s lives;

“When power grids are disrupted, entire communities are left vulnerable. The effects of cybercrime extend far beyond stolen money or data breaches; they erode public trust, destabilise essential services, and, in the most severe cases, cost lives,” the report explains.

Healthcare still top target

It will come as no surprise to many that healthcare providers are still an incredibly attractive target for cybercriminals considering the vast amount of sensitive data they hold, as well as the critical nature of their services, meaning that any outage can be catastrophic.

In fact, the report shows a 50% increase in healthcare’s share of posts on data leak sites - and whether this is a criminal looking for financial gain, or nation-backed actor looking to disrupt critical infrastructure, the effect on patients is the same;

“Sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be,” the report notes.

Each actor’s playbooks are different, but Google’s report does suggest that each of the ‘Big Four’ are supplementing their income as part of their attacks, primarily deploying ransomware or malware to raise funds.

This has been observed many times, with North Korea’s Lazarus group launching large scale cyberattacks, which researchers suggest is part of an operation aimed at helping to fund state apparatus.

You might also like

TOPICS
Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
A VPN runs on a mobile phone placed on a laptop keyboard

SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now
Representational image depecting cybersecurity protection

Ivanti reveals major security update, so make sure you're protected
A smartphone showing a red and green graphic of 'AMD VS Nvidia'.

I can't tell if it's just a coincidence, but Nvidia's RTX 5070 is now reportedly set for March alongside AMD's RDNA 4 series launch
See more latest