Cybercrime constitutes one of the main threats to destabilize national security, according to Google

Google has warned how CIBERDLINCENCIÓN has evolved during recent years to become one of the main threats to destabilize national security since it constitutes “most” of the malicious activity ‘online’ currently, by the hand of the malicious groups backed by states.

Within the framework of the meeting Munich Security Conference cybersecurity experts Threat Intelligence Group de Google (GTIG), They have shared the results of a new report in which they detail how cybercrime has evolved to become “a destabilizing force that threatens national security. “

Specifically, the report is based on the fact that, during the past year, the subsidiary cybersecurity company of Google, Mandiant, responded to almost four times more intrusions carried out by malicious actors with financial motivations that by groups supported by the State.

This highlights how Cyberdelinquence “constitutes most of the malicious ‘online’ activity“Currently, occupying” most of the resources of defenders “and, therefore, has become one of the main problems for national security.

Despite this, Receive less attention from national security professionals than the threat of groups backed by the State. “Although the threat of computer piracy backed by the State is considered, serious, should not be evaluated in isolation of intrusions with financial motivation,” the GTIG has detailed.

Thus, the CIBERDLINCENCIÓN It is also being used as Tool to facilitate piracy supported by the Stateallowing countries like Russia, Iran, China and North Korea, Acquire cyber abilities or use criminals to carry out operations led by the State, in order to steal data or cause disorders.

In the case of Russiawhere the use of “criminal abilities” has been identified to feed cybernetic support in its war with Ukraine. For example, the group promoted by Russian military intelligence APT44known as Sandwormuse ‘malware’ available in communities of cybercriminals, as well as Russian criminal companies and markets, to stock up and carry out espionage operations.

Specifically, this group has used ‘Malwares’ known as Darkcrystalrat (DCRAT), WARZONE, y Rhadamanthys Stealerwhich have expanded in Poland and Ukraine through methods such as’ phishing in emails.

The same goes for CIGARthe group of malicious actors known as Romcom, who has carried out espionage operations against the Ukrainian government since 2022. Likewise, its malicious activities directed to Ukraine and Europe Until last year, including campaigns that take advantage of platforms such as Microsoft Word, Firefox y Windows.

While Russia is the country to which it has been identified more frequently for resorting to resources from criminal forums, Iran It has also encouraged Iranian threat groups that display ‘ransomware’ to raise funds “while performing espionage simultaneously.”

As detailed since GTIG, in May 2024 they identified the UNC5203 Group, that used the mentioned Rhadamanthys Stealer rear door in an operation associated with the Israeli nuclear research industry.

In the case of China The same happens, where groups complement the espionage with their income obtained from cybercrime. Thus, Google has pointed out that in multiple operations The Chinese espionage operator has been observed UNC2286which carried out extortion operations using the ‘Ramsomware’ Steamtrain to “mask your activities.”

In addition to all this, GTIG researchers have underlined the case of North Korea, that uses Groups supported by the State to directly generate income for the North Korean regime. Specifically, these groups have attacked cryptocurrencies, compromising the portfolios of individual victims, as is the case of the group APT38.

Social cost of cybercrime

Another of the points that the report is about is the Social impact of cybercrequence, which encompasses from the economic destabilization of countries to their impact on critical infrastructure.

As detailed from GTIG, the effects of cybercrime go “much further” of money theft or data violation. These attacks by malicious actors They end up eroding public trust, destabilizing essential services And, “in the most serious cases, They cost lives. “

This is reflected in cases such as, as exemplified, when hospitals remain without access to their critical systems by cyber attack or the population’s electrical networks are interrupted.

In addition, according to the report, in the last three years it has been duplicate the percentage of publications in data filtration sites of the health sector. Also, the number of data filtration sites has increased almost 50 percent year after year.

That is why cybersecurity experts indicate that the impact of these attacks “It must be taken seriously as a threat to national securityregardless of the motivation of the actors behind. ”

International response with urgency

With all this, from Google they advocate the need for a “Comprehensive response“That includes a greater International cooperation y Improvements in cybersecurity To fight the current cybercrime ecosystem, which they define as “resistant.”

Taking this into account, the report details the need for “a new and more solid approach” that includes methods accompanied by “broad scope efforts” to improve defense and end the ability of these criminals, “Through borders and without respecting sovereignty. “

To do this, they have underlined the need for demonstrate that cybercrime It is one National Security Priority and assign resources accordingly. That is, to give priority to the collection and analysis of information on cybercriminal organizations, improve the capacity of security forces to investigate and promote international cooperation to dismantle international networks.

They have also recommended strengthening cybersecurity defenses, investing in Innovation and development Advanced security technologiespromoting digital modernization and supporting initiatives that improve the resistance of digital systems against attacks.

In addition, at the national level, from Google they have pointed out that a combination of “Legal, technical and financial measures” to dismantle infrastructure that support the operations of cybercriminals. They have also highlighted the need for Train individuals and companies in this arearaising awareness of cyberamezas and promoting cybersecurity education.

Finally, Google’s team has suggested Strengthen private sector security practices. “Political leaders must consider measures to give priority to technological transformation, including the adoption of technologies and products with a solid security history,” Google said.

With all this, the senior manager of the GTIG, Ben Read, has stated that the broad Cybercreence ecosystem “has acted as an accelerator of piracy sponsored by the State“, providing ‘malware’, vulnerabilities and, in some cases,” complete spectrum operations to states. ”

Therefore, although these threats have been considered different “for too long”, Read has opted for the fight against cybercrime for “Help defend themselves against attacks backed by the State. “