10 Facts About Nation-State Cybercrime That Impact Businesses

---

Every Organization is at Risk of Nation-State Trouble 

---

Nation-state cybercrime isn’t just a risk for businesses in certain sectors anymore. Advanced Persistent Threat groups (APTs) have expanded their scope of attack, hitting businesses that weren’t thought to be in danger of that kind of threat in the past.  That puts every business at risk as threat actors seek new ways to obtain information, strike targets and make money. The 10 facts about nation-state cybercrime illustrate today’s climate of risk and offer insight into protecting businesses from nation-state trouble. 

---

---

10 Facts About Nation-State Cybercrime That Impact Businesses 

---

1. An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure sectors. 

2. There was a 100% rise in significant nation-state incidents between 2017-2021. 

3. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021. 

4. 21% of nation-state attacks in 2021 targeted consumers   

5. 79% of nation state attacks in 2021 targeted enterprises 

6. 58% of all nation-state attacks in the last year were launched by Russian nation-state actors 

7. Ransomware is the preferred weapon of nation-state threat actors. 

8. The “big 4” sponsors of APTs are Russia, China, North Korea and Iran.  

9. Nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor 

10. The average nation-state-backed cyberattack costs an estimated $1.6 million per incident.   

---

---

Who Is Most At Risk?

---

Common Targets of Nation-State Attacks

Researchers took a look at nation-state attacks and determined who APTs were going after the most

Targets of Nation-State Cyberattacks	% of Total
Enterprises	35%
Cyber Defense Assets	25%
Media & Communications	14%
Government Bodies	12%
Critical Infrastructure	10%

Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit   

---

---

5 Risks for Businesses to Watch Out For  

---

Protecting your company from these five risks will help reduce your chance of trouble from nation-state threat actors. 

1. Phishing and Social Engineering Traps 

This versatile weapon has opened doors for the bad guys into some of the world’s most secure systems. Phishing also has a low barrier to entry, making it perfect for APTs associated with less prosperous countries. The go-to tactic for launching credential phishing and ransomware campaigns, threats actors know that sophisticated, socially engineered phishing messages are effective and they’re right – 97% of employees can’t spot one. 

2. Supply Chain Risk from Evolving Tactics 

Nation-state threat actors have steadily stepped up their operations against non-government or military targets. They’re increasingly zeroing in on organizations that retain large amounts of data, provide services or form linchpins in the global supply chain. 60% of nation-state activity is directed at IT companies, commercial facilities, manufacturing facilities and financial services firms. 

3. Ransomware Profitability 

The preferred weapon of nation-state threat actors, ransomware and malware are multi-purpose tools that they are adept at wielding. Many nation-state groups pursue financial goals as well as political goals, and ransomware is a fast way for them to make money or obtain data to sell. Experts estimate that North Korea generates profits of up to $ 1 billion a year from cybercrime. 

4. An Abundance of Dark Web Resources 

Nation-state threat actors are benefitting from the booming dark web economy. Assets like username and password pairs go for as little as $0.97 per 1,000. It’s easy for them to buy what they need to get the job done in dark web marketplaces, or even find it for free – 50% of the resources utilized in nation-state attacks are easily and cheaply obtained on the dark web. 

5. The Rise of Cybercrime-as-a-Service  

Highly skilled, affordable labor is making it likely for APTs to outsource some operations by partnering with cybercrime-as-a-service outfits. 58% of experts believe that it is becoming more common for nation-state threat actors to recruit or hire cybercriminals to do their dirty work, cautioning that a brisk trade in tools and code will strengthen this symbiotic partnership 

---

---

Reduce The Risk of Nation-State Trouble

---

Nation-state attacks are more frequent and more dangerous today than ever before. The powerful solutions in the ID Agent Digital Risk Protection Platform can help reduce risk, educate employees and mount a strong defense against nation-state cybercrime. 

BullPhish ID is the ideal solution for organizations of any size to trust for security awareness and compliance training. Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing   

• Train users on subjects like compliance, credential handling, ransomware, industry regulations and more all in one place. At least 4 new training videos are added every month on the latest security and compliance issues.   
• Run memorable phishing simulations your way with plug-and-play kits or fully customizable kits to reflect your company’s unique needs and threats.   
• Enjoy a huge library of content in 8 languages with built-in quizzes and automated performance reports to prove value and see who needs more help.  

Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the award-winning power of Dark Web ID. 

• 24/7/365 best-in-class dark web monitoring that you can feel confident about.   
• Real-time search allows you to find compromised credentials in minutes. 
• Monitor business and personal credentials, domains, IP addresses and email addresses effortlessly.  

---

---

---