A new Google report highlights the rise of cybercrime as a national security risk, driven by increased state-backed attacks.
Published ahead of the Munich Security Conference, research from Google Threat Intelligence Group and Mandiant highlights their 2024 investigations and insights from the past four years.
Mandiant reported handling almost four times more financially-driven intrusions than state-sponsored ones in 2024. Meanwhile, Google found that state-backed actors increasingly leveraged the expanding cybercriminal network for their own goals.
State-backed activity, they said, can no longer be evaluated “in isolation from financially-motivated intrusions.”
“The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read, senior manager at Google Threat Intelligence Group.
The report points out that while cybercrime continues to surge, it remains a lower priority for national security professionals compared to threats from state-backed groups.
The rise of cybercrime has helped state-sponsored hackers expand their operations, allowing governments to recruit talent, purchase cyber tools, or co-opt criminal networks. Countries like Russia, Iran, China, and North Korea have used cybercriminals to support their strategic initiatives.
According to Google, addressing cybercrime requires a different approach than combating nation-state attacks. Given its cross-border nature and the involvement of multiple independent groups, international collaboration is essential.
“Cybercrime has unquestionably become a critical national security threat to countries around the world. The marketplace at the center of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption,” said Sandra Joyce, vice president of Google Threat Intelligence.
Researchers highlighted financially motivated cyberattacks on healthcare institutions as a major concern. Studies consistently reveal how ransomware attacks on hospitals negatively impact patient health outcomes.
