It’s Me, Hi, I’m the APT: The Rise of Ecrime to Nation-State Levels

Selena Larson

It’s time to rethink what we consider “advanced, persistent threats.” Cybercriminals have spent years eroding people’s trust and confidence in the systems, businesses, governments, and communities most critical to our wellbeing. Now, as cybercrime actors begin adopting more technical similarities to state actors — zero days, improved social engineering, dynamic attack chains causing defender headaches — it's time to recognize the damage they’ve caused and continue to do is on par with some of the egregious attacks we've observed and attributed to state actors. 

Cybercriminals have amassed the money, resources, and techniques to operate at a level once thought the domain of government intelligence. And some of them have been known to work with state intelligence operations on the side. We have also seen examples of state actors adopting techniques first developed and perfected by ecrime actors.

For years cybercriminals have relentlessly targeted organizations globally, causing billions of dollars in losses and damages. Not only do these attacks disrupt business operations, they also impact people’s lives and livelihoods. Attacks can also cause follow-on problems and fear within communities— hospitals closing their doors leaving communities without care; stranded drivers waiting in gas stations for hours while nerves fray about potential shortages; classes canceled and students suffer while network outages plague educational institutions; the list goes on. The cyberwar is already here, and it’s being waged against some of the most vulnerable and critical systems supporting vital aspects of living in a healthy, functioning world.

Historically, people thought financially motivated attacks were “just cybercrime.” It’s time to change the industry’s thinking and recognize some of the most successful cybercriminals are the most persistent and sophisticated threats.