NCA: Nation States Using Cybercrime Groups as Proxies

The new chief of the UK’s National Crime Agency (NCA) has warned that hostile states are increasingly teaming up with organized cybercrime groups.

Graeme Biggar made the comments as part of his first public speech as director general of the agency, to launch its National Strategic Assessment.

He warned of the “emerging links” between the serious and organized crime groups which the NCA is tasked with disrupting, and nation state operations in cyberspace.

“North Korea has for some time used cybercrime to steal funds and more recently cryptocurrency. The Russian state has long tolerated and occasionally tasked the cybercrime groups on its territory, and had links with its oligarchs and their enablers,” Biggar explained.

“But over the last year we have begun to see hostile states beginning to use organized crime groups – not always of the same nationality – as proxies. It is a development we and our colleagues in MI5 and CT [counter-terrorism] policing are watching closely.”

The link between nation states and cybercrime groups was laid bare by HP in a report last year, which claimed that the latter can be used to enhance plausible deniability for attacks, whilst also providing off-the-shelf attack tools for state-sponsored hackers to use. On occasion, some nation state operatives have even been allowed to moonlight for their own gain, it added.

Cyber played a major role in enabling criminality in the UK last year, with the threat from online fraud and ransomware particularly acute, Biggar claimed.

Fraud is now the most common crime type in England and Wales, accounting for 41% of the total and 40 million victims in 2022, according to ONS figures cited in the NCA report.

“The internet has enabled fraud to be undertaken at scale, anonymously, and from overseas. We assess that 75% of fraud is partially or fully committed from overseas,” Biggar claimed.

“Generative AI is also being used to make fraud more believable, through the use of ever better deepfake videos and ChatGPT to write more compelling phishing emails.”

He also blamed online cybercrime marketplaces for helping to perpetuate both fraud and ransomware, and called out the ransomware-as-a-service model and double extortion for giving criminal gangs an upper hand.

Some 84% of ransomware incident reports to Action Fraud in the 2021-2022 financial year were made by organizations, according to the national fraud center.

“The impact of such attacks can be significant but the solution can be simple: basic cybersecurity will defeat most attacks and it is important all organizations invest in it,” Biggar said.
