Get your FREE Cyber Health Check Today
Back to all News

The Cybercriminals – from Nation State to Criminal Gangs

January 27, 2025

Back to all News

The Digital Age Criminal Business Model

Below you will find a very high-level overview of Cyber threat actors, and an explanation of why an SME can be targeted by highly sophisticated hacking tools, just as easily as a large corporate. 

This is not a list of the groups or the typical threats any one cyber group may pose but sets out to make all SMEs aware, in general terms, what they are up against.

Want to get a quick assessment of your organisation's vulnerability to these cyber threats? Take our free Cyber Health Check now.

Nation States

The most well-funded and sophisticated hacking tools Western companies face originate, generally, in one of five Countries – China, Russia, Iran, Pakistan and North Korea.

These countries have developed “state proxy” hacking groups that provide plausible deniability of involvement in cyber attacks. 

Given state backing the groups have the time, motivation, resources and skills, to develop sophisticated forms of attack and hacking tools. 

Attacks can be designed and mounted for a variety of outcomes, using methods that may never have been seen before, so called ‘zero-day attacks’.

Nation State Proxies to Global Hackers

However, once the Nation State proxy has launched its attack, it is in many ways open and available to be studied and copied by cybercriminal gangs around the world. 

Hackers of all persuasions can now all see, access and build similar tools and malware to then use for purely criminal purposes. 

Indeed, some of the state proxies and criminal gang personnel are the same. Once the ‘states’ mission has been achieved the criminal gang is free to use the malware.

So, the highly sophisticated Nation State hacking tool is now available to use like a Martini – any time, any place, anywhere against any company.

And to make matters worse, the Cybercriminals operate in a sophisticated business-like way.

Cybercrime Business Model and Supply Chains 

Cyber-criminal gangs/entities have grown ever more sophisticated as has their level of specialisation and interaction. 

They have developed an ‘as a service’ model, where they specialise in one core competency and interact with other gangs who provide their own core competencies. 

This results in a cybercrime supply chain which has carefully planned and compartmentalised business models. 

As cybercriminals create better revenue-generating business models, they need external people with very specialised skills. This results in a cybercriminal marketplace where different entities offer goods and services, which are exchanged on the forums where hackers hire and cooperate with one another. 

Want to learn more about building a cyber-resilient business that can withstand these evolving threats? Find out more in our blog post Building a Cyber-Resilient Business

The result is a marketplace where gangs know that they can’t do it all and remain economically viable. 

The result, for example, may be that gang 1 specialises in establishing beachheads on a company’s network, and gang 2 specialises in deploying the ransomware itself. 

A commission-sharing arrangement or some other form of payment for the “services” is agreed.

Where is the Marketplace? 

It isn’t just on the so-called “dark web”. Instead, there is a set of websites, forums, platforms, and instant messaging channels that cyber criminals use to communicate. 

This can be accessed with a normal browser without having to go into the dark web. 

There may be a sign-in page, or an introduction made by an existing member to allow you to enter the sites, etc. Once in it’s a world advertising cybercriminal services and products. 

Criminal Business Behaviour and Reputations

Call-centres, payment terms and conditions are just some of the services cyber gangs offer to their victims, who they see as clients!

And reputations matter in a repeat business – If they have deployed ransomware and demanded a payment to release it, once paid they will want to be seen as doing what they said they would do. A reliable criminal!

Concerned about the increasing number of cyberattacks targeting small businesses? Our blog post Why Your Small Business is a Prime Target for Cyberattacks, and How to Fight Back offers practical advice on how to fight back and protect your organisation. 

Need help navigating the complex world of cybercrime and protecting your business? 

Contact Digital Oversight today for expert guidance and support.

Related posts

The Blended Threat: Physical and Cyber security

When the term Cyber is used, most people immediately think of companies losing data, ransomware attacks, or online services being lost. In other words, the Digital impact.
Read more

Your Cyber Ecosystem Risk is Fraught with Dangers

Any reflection on cyber security must consider the digital eco system your business operates within. 
Read more

Strengthening Your Business Against Cyber Threats

In the current global digital landscape, it’s no secret that cyber threats are evolving at an alarming rate. Businesses of all sizes, from small startups to large corporations, are at risk of falling victim to cybercriminals. 
Read more

Web Application Security – SecDevOps

Businesses rely heavily on web applications to engage with customers, streamline operations, and drive revenue. As the digital eco-system expands and cyber threats grow in complexity and frequency, integrating security into every phase of software development is essential for safeguarding valuable data, maintaining customer trust, and ensuring the resilience of business operations. 
Read more

Benefits of Cyber Risk Quantification

As the cyber threat landscape continues to evolve, organisations face increasing pressure to manage their cybersecurity risks effectively. For executives and Boards, understanding and prioritising these risks in a way that aligns with business objectives can be a daunting challenge. 
Read more

Why Your Small Business is a Prime Target for Cyberattacks, and How to Fight Back

Cybercriminals more frequently target small and medium-sized businesses (SMEs) than large companies, often due to their lack of security resources. Small businesses are three times more likely to be targeted by cybercriminals than larger companies. 
Read more

The Strategic Benefits of Vulnerability Management and Scanning

In an evolving cyber threat landscape, complacency can be your downfall. Assumptions about the security of your IT environment can leave you vulnerable to attacks, which are becoming more and more sophisticated.
Read more

How to Prepare for EU DORA Ahead of January 2025

The EU Digital Operational Resilience Act (DORA) is shaking up the financial industry. This game-changing regulation sets a new standard for operational resilience and cybersecurity within the European Union.
Read more

A Complete Guide to Cyber Vulnerability Management

In the world of cybersecurity, there's a chilling truth: it's not a matter of if you'll be attacked, but when. As Robert S. Mueller, former Director of the FBI, aptly put it a number of years ago..
Read more

A Threat-Led Approach to Cyber Defence

Adopt a proactive, risk-based approach to cyber defence with threat intelligence integration, ensuring resilience against evolving cyber threats.
Read more

Cyber Vulnerability Scanning: A Complete Guide

This guide explains how proactive vulnerability scanning reduces security risks, ensures compliance, and strengthens business reputation by identifying and addressing system weaknesses before cybercriminals can exploit them.
Read more

Why UK Companies Need to Prepare For The EU's DORA

DORA, an EU regulation effective January 2025, mandates strong cybersecurity for financial institutions with EU ties. UK companies, even if not EU-based, must comply if they serve EU clients or use EU-based ICT providers. Non-compliance risks fines, reputational damage, and loss of EU business.
Read more

Building a Cyber-Resilient Business

Cybersecurity is a strategic business risk, requiring senior management oversight and partnerships across all functions, including insurers, to create resilience and protect operations, revenue, and reputation from cyber-attacks.
Read more

Four Corners Model

The digital economy today, the interconnectedness and interdependence of business operations, and the controls that are in place, are constantly challenged by cyber threat actors and the increasingly sophisticated attacks they deploy. 
Read more