Cybercrime: A Growing National Security Threat That Demands Immediate Action

Google Threat Intelligence Group Report Highlights the Increasing Impact of Financially Motivated Cyber Attacks

Cybercrime has evolved into one of the most significant threats to national security, surpassing state-backed hacking in sheer volume and impact. According to a recent Google Threat Intelligence Group (GTIG) report, financially motivated cyber intrusions outnumbered state-sponsored attacks by a ratio of nearly 4 to 1 in 2024. Despite its scale and consequences, cybercrime often receives less attention from national security agencies than threats linked to espionage and nation-state actors.

The ransomware epidemic, the surge in data leak sites, and the growing interplay between cybercriminals and state actors illustrate that cybercrime is no longer just an economic nuisance—it is a direct threat to national stability.


Cybercrime’s Role in Global Cyber Threats

Cybercriminal groups not only operate independently for financial gain but are increasingly exploited by nation-states for espionage, disruptive attacks, and information warfare. For example:

  • Russia has integrated criminal cyber capabilities into its ongoing war in Ukraine, leveraging malware from underground hacker communities for intelligence gathering and disruption. The GRU-backed APT44 (Sandworm) has repurposed criminal malware to conduct cyberattacks on Ukrainian critical infrastructure.
  • Iran uses ransomware to fund espionage operations while maintaining an aggressive cyber presence.
  • China’s espionage groups have been found engaging in financially motivated cybercrime, particularly targeting intellectual property theft and corporate data extortion.
  • North Korea has developed a state-backed hacking industry that directly finances the regime through cryptocurrency theft, ransomware, and digital fraud—with stolen funds reportedly reaching $3 billion between 2017 and 2023.

This convergence of cybercrime and state-backed hacking blurs traditional lines between financial and geopolitical cyber threats.


Healthcare: A Prime Target for Ransomware and Data Theft

One of the most alarming findings in GTIG’s report is the rapid increase in cybercriminal activity targeting hospitals and healthcare systems. The number of hospitals appearing on data leak sites has doubled in the past three years, with attackers exploiting their vulnerability to ransom demands.

Notable cases include:

  • July 2024 – The ransomware group Qilin (AGENDA) publicly announced its intention to attack U.S. healthcare institutions. Within weeks, multiple hospitals and dental clinics appeared on its data leak site.
  • March 2024 – A cybercriminal named “badbone” was found offering illicit access to medical, government, and education systems in Europe, willing to pay a premium for emergency hospitals.

Cyberattacks on hospitals are not just financial crimes; they directly threaten lives. A University of Minnesota study found that mortality rates increase by 35-41% among hospitalized patients when their healthcare facility is hit by ransomware.

Furthermore, the UK’s National Health Service (NHS) reported that a June 2024 ransomware attack on a contractor resulted in permanent physical and mental health consequences for patients.

With criminals prioritizing sectors that are most likely to pay ransoms, healthcare remains an extremely lucrative and dangerous target.


Economic Disruption: The Hidden Cost of Cybercrime

Beyond its direct financial impact, cybercrime also poses a serious threat to economic stability.

  • Costa Rica’s 2022 national cyber emergency – The country suffered catastrophic government-wide cyberattacks from the CONTI ransomware group, crippling tax, pension, and customs systems. The aftermath cost millions of dollars, and the U.S. later pledged $25 million in cybersecurity aid.
  • Business Email Compromise (BEC) attacks – The FBI’s Internet Crime Complaint Center (IC3) estimates that between 2013 and 2023, cybercriminals stole $55 billion through BEC fraud.
  • Cyberattacks on critical infrastructure – The Colonial Pipeline attack (2021), the Petro-Canada attack (2023), and disruptions at the Amsterdam-Rotterdam-Antwerp refining hub (2022) highlight how ransomware can cripple essential energy and transportation systems.

These attacks not only affect individual businesses but also destabilize national economies, particularly in countries with less robust cybersecurity infrastructures.


Data Leak Sites: A Growing Threat

Ransomware gangs have increasingly adopted data leak sites (DLS) to increase pressure on victims. Instead of merely encrypting files, attackers now threaten to publicly release sensitive data, including:

  • Confidential corporate research and development documents
  • Internal HR and financial records
  • Government agency communications
  • Personally identifiable information (PII)

The number of these leak sites has nearly doubled since 2022, creating a new avenue for espionage and financial exploitation. These leaks undermine national economic competitiveness and provide foreign intelligence agencies with a treasure trove of exploitable data.


State-Sponsored Cybercrime: A Dangerous Symbiosis

Many nation-state hacking groups now source their tools and infrastructure from cybercriminal markets, making it harder to distinguish between criminal activity and state-directed cyber operations.

Key examples include:

  • Russia’s APT44 (Sandworm) and UNC2589 – These groups purchase malware from cybercriminals and modify it for state-sponsored espionage and disruptive attacks.
  • China’s APT41 – This hacking unit combines financial cybercrime with espionage, targeting both government agencies and private sector companies.
  • North Korea’s APT38 and APT43 – These threat actors focus on financial theft to support the regime, while UNC1069 and UNC4899 continue targeting cryptocurrency and blockchain businesses for illicit gains.

This intermingling of cybercrime and espionage makes cybercriminal networks far more dangerous than ever before, as their expertise is increasingly used to further state objectives.


A Call for Stronger Action Against Cybercrime

The GTIG report stresses that tackling cybercrime requires a new approach, one that treats it as a national security crisis rather than just a law enforcement challenge.

Key recommendations for policymakers include:

  1. Prioritizing cybercrime as a national security threat – Governments must allocate intelligence and law enforcement resources accordingly.
  2. Strengthening cybersecurity defenses – This includes better incentives for security best practices, investment in new protective technologies, and mandates for digital modernization.
  3. Disrupting cybercrime networks – Authorities must target key enablers, such as ransomware developers, bulletproof hosting providers, and illicit financial intermediaries.
  4. Enhancing global cooperation – Cybercrime is borderless, making international intelligence sharing and joint cyber operations critical.
  5. Empowering businesses and individuals – Public awareness campaigns and stronger consumer protections are essential to reducing the success of cyber scams.
  6. Encouraging private sector security improvements – Companies should adopt diverse security solutions, avoid vendor lock-in, and require interoperability across technology platforms.

Conclusion: Cybercrime Is a Global Security Crisis

Cybercrime has evolved into one of the most pressing national security challenges of the modern era. Whether through ransomware attacks on hospitals, economic sabotage, or collaboration with hostile governments, financially motivated hackers are reshaping the cybersecurity landscape.

Governments must step up their response, recognizing that today’s cybercriminals are not just financial opportunists—they are key players in a new era of geopolitical cyber warfare. The time for action is now.
