
Cybercrime and Punishment: Profiling Threat Actors from Lone Hackers to State-Sponsored Cybercrime

Why the Simplest and Most Effective Defense Against Cybercrime Is Knowing Your Enemy

It’s easy to underestimate how much dirty money flows through the global financial system every year. According to the UN Office on Drugs and Crime, the amount laundered annually is a colossal 2-5% of global GDP, somewhere between $800 billion and $2 trillion.1 On that scale, the balance between cybercrime and punishment too often favors the criminals.

The range of threats is constantly evolving and expanding, from fairly primitive (but effective) phishing to cybercrime as a service. To ensure they don’t become victims of cybercrime, financial crime and compliance (FCC) professionals have to know as much as possible about the threat actors they’re facing. 

From amateur bedroom hackers to multi-millionaire cybercriminals with the might of a rogue state behind them: in this article we’ll take a look at the world of cybercrime and punishment—who’s carrying out these attacks, the organizations they represent, and the global players. We’ll identify how these actors operate, what’s motivating them and how we can better defend against their attacks.

The Bedroom Hacker: Script Kiddies and Lone Individuals

Let’s begin at the lower end of the threat spectrum with amateur hackers, often referred to as “script kiddies.” Typically, they have limited technical skills and rely on pre-written scripts to power their attacks.

Their motivations include a combination of curiosity, the illicit thrill of hacking, or making money. Their techniques might include basic malware or phishing emails. None of these are particularly sophisticated threats, but the reality is that they don’t need to be. They can still cause significant damage, particularly to an organization with weak cyber defenses.

All it takes is one employee clicking a malicious link in a single phishing email, and the result can be a significant data breach or financial loss. Defenders have to stop every attack, while the attacker only needs to get lucky once to cause lasting, expensive damage.

Defensive Takeaways

Here are some processes that FCC professionals need to have in place to combat these threat actors:

  • Regular employee training on recognizing phishing attempts
  • Implementing strong password policies
  • Keeping systems and security software patched and up to date

Insider Threats: The Danger Within

External threats get most of the attention, but we shouldn’t overlook the dangers posed from within an organization too. These can be malicious insiders, looking to exploit their own level of access, whether that means leaking sensitive customer data or selling proprietary information on the dark web.

There’s also the threat posed by good old-fashioned negligence: employees who mishandle sensitive data, send it to the wrong recipient, or leave it exposed, and harm the business without ever intending to.

The third part of the insider trinity is the compromised employee: someone who has been phished or socially engineered into giving up their credentials, so that their legitimate access is now being used by an outsider.

Defensive Takeaways

Insider threats can cause data breaches, monetary losses, reputational damage, and legal penalties. Here’s how you can guard against them:

  • Limit access to sensitive information
  • Educate employees
  • Monitor user activities
  • Conduct regular audits
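As an added example (not code from the original post), the Python below shows what “limit access to sensitive information” and “monitor user activities” look like once turned into detection logic. It runs over a few constructed access-log lines, checks each access against an assumed role-to-data-class allow list (the least-privilege check), and flags off-hours and bulk access to customer PII. The log format, the role table and the thresholds are all assumptions chosen for illustration.

```python
"""Insider-threat checks over constructed access-log lines.

Added example, not part of the original post. Log format, role table and
thresholds are assumptions for illustration.
"""
from collections import Counter
from datetime import datetime

# Constructed sample log: "timestamp user role action resource"
SAMPLE_LOG = """\
2025-03-03T09:12:04 alice analyst READ customer_pii/rec-1001
2025-03-03T09:15:40 alice analyst READ customer_pii/rec-1002
2025-03-03T10:01:12 bob support READ tickets/t-551
2025-03-03T10:02:55 bob support READ customer_pii/rec-2001
2025-03-03T23:30:01 carol analyst EXPORT customer_pii/rec-3001
2025-03-03T23:30:02 carol analyst EXPORT customer_pii/rec-3002
2025-03-03T23:30:03 carol analyst EXPORT customer_pii/rec-3003
2025-03-03T23:30:04 carol analyst EXPORT customer_pii/rec-3004
2025-03-03T23:30:05 carol analyst EXPORT customer_pii/rec-3005
2025-03-03T23:30:06 carol analyst EXPORT customer_pii/rec-3006
2025-03-03T14:10:00 dave contractor READ source_code/repo-a
"""

# Assumed least-privilege map: resource classes each role is allowed to touch.
ROLE_ALLOW = {
    "analyst": {"customer_pii", "tickets"},
    "support": {"tickets"},
    "contractor": set(),
}
BULK_THRESHOLD = 5          # records per user per hour before we call it bulk
WORK_HOURS = range(8, 19)   # 08:00-18:59 counts as business hours (assumed)


def parse(line):
    """Split one log line into a dict; the resource class is the path prefix."""
    ts, user, role, action, resource = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "role": role,
        "action": action,
        "resource": resource,
        "klass": resource.split("/", 1)[0],
    }


def detect(log_text):
    """Return a sorted list of (finding_type, user, detail) tuples."""
    events = [parse(line) for line in log_text.strip().splitlines()]
    findings = set()
    per_hour = Counter()
    for ev in events:
        hour = ev["ts"].strftime("%Y-%m-%dT%H")
        per_hour[(ev["user"], hour)] += 1
        # Least-privilege check: role not permitted for this data class.
        if ev["klass"] not in ROLE_ALLOW.get(ev["role"], set()):
            findings.add(("out_of_role", ev["user"], ev["resource"]))
        # PII touched outside business hours; reported once per user per hour.
        if ev["klass"] == "customer_pii" and ev["ts"].hour not in WORK_HOURS:
            findings.add(("off_hours_pii", ev["user"], hour))
    # Volume check: many records by one user in one hour.
    for (user, hour), n in per_hour.items():
        if n >= BULK_THRESHOLD:
            findings.add(("bulk_access", user, f"{n}@{hour}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

On the sample, alice’s two daytime reads within her role produce nothing; bob’s single PII read as a support user and dave’s repository access as a contractor are out-of-role findings; carol’s six late-night exports trigger both the off-hours and the bulk check. In practice the role map comes from the identity system and the thresholds from a per-user baseline, not from constants.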

Getting Organized: Cybercrime Gangs

Climbing a few rungs up the threat ladder, we next encounter organized cybercrime gangs. These are tightly structured criminal networks with one main aim: large-scale financial gain.

Unlike amateur hackers, these groups are well-funded and highly skilled. They often specialize in specific types of fraud, e.g., ransomware attacks, business email compromise (BEC) schemes, and carding (credit card fraud).

Organized cybercrime gangs have notched up some hugely damaging attacks in recent years. They often operate on the dark web, where they buy and sell stolen data, tools, and services. They’re also known to work with other criminal networks, which allows them to expand their reach and capabilities.

One notable example is the Russian FIN7 group. It has targeted hundreds of organizations in the United States and Europe, including government bodies like the UK’s health service. Its sophisticated malware campaigns are estimated to have cost its victims a total of $3 billion since 2013.2

These gangs cause profound problems for financial systems. They have proven track records of inflicting large-scale financial losses, compromising sensitive data, and eroding trust in digital systems.

Defensive Takeaways

  • Advanced threat detection tools
  • Collaboration with law enforcement
  • Robust compliance programs with anti-money laundering (AML) and know-your-customer (KYC) measures
  • Joined-up surveillance systems. These are still too often siloed: threat data is not shared between departments, each of which runs its own security and risk management in isolation, leaving gaps that attackers can exploit.
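The last bullet is the one most worth making concrete. As an added example (not code from the original post), the Python below correlates two constructed alert feeds that would normally live in different departments: identity and security events from the security team, and transaction-monitoring alerts from the fraud/AML team. Neither feed is alarming on its own, but a password reset or new-device login followed within 48 hours by a large transfer to a new payee is the classic account-takeover pattern. The feed formats, event names and the 48-hour window are assumptions chosen for illustration.

```python
"""Cross-silo alert correlation for the account-takeover pattern.

Added example, not part of the original post. Feed formats, alert names and
the 48-hour window are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed security-team feed: "timestamp account event"
SECURITY_ALERTS = """\
2025-03-01T08:05:00 acct-1001 password_reset
2025-03-01T08:07:30 acct-1001 new_device_login
2025-03-01T12:00:00 acct-2002 new_device_login
2025-02-20T09:00:00 acct-3003 password_reset
"""

# Constructed transaction-monitoring feed: "timestamp account alert amount"
FRAUD_ALERTS = """\
2025-03-01T09:40:00 acct-1001 new_payee_large_transfer 48000
2025-03-02T15:10:00 acct-2002 structuring 9500
2025-03-03T10:00:00 acct-3003 new_payee_large_transfer 12000
2025-03-01T11:00:00 acct-4004 new_payee_large_transfer 7000
"""

# Identity events that commonly precede a takeover (assumed names).
ATO_PRECURSORS = {"password_reset", "new_device_login", "mfa_disabled"}
WINDOW = timedelta(hours=48)


def load(text, fields):
    """Parse a whitespace-separated feed into dicts with a datetime 'ts'."""
    rows = []
    for line in text.strip().splitlines():
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.fromisoformat(row["ts"])
        rows.append(row)
    return rows


def correlate(security_text, fraud_text, window=WINDOW):
    """Escalate fraud alerts preceded by an identity event on the same account.

    Returns one dict per escalated fraud alert, in feed order.
    """
    sec_by_acct = defaultdict(list)
    for ev in load(security_text, ("ts", "account", "event")):
        if ev["event"] in ATO_PRECURSORS:
            sec_by_acct[ev["account"]].append(ev)

    escalations = []
    for alert in load(fraud_text, ("ts", "account", "alert", "amount")):
        # Only precursors that happened before the alert and inside the window.
        precursors = [
            e for e in sec_by_acct.get(alert["account"], [])
            if timedelta(0) <= alert["ts"] - e["ts"] <= window
        ]
        if not precursors:
            continue
        latest = max(e["ts"] for e in precursors)
        escalations.append({
            "account": alert["account"],
            "fraud_alert": alert["alert"],
            "amount": int(alert["amount"]),
            "precursors": sorted(e["event"] for e in precursors),
            "lead_time_h": round((alert["ts"] - latest).total_seconds() / 3600, 2),
        })
    return escalations


if __name__ == "__main__":
    for esc in correlate(SECURITY_ALERTS, FRAUD_ALERTS):
        print(esc)
```

On the sample, acct-1001 (reset plus new device, then a $48,000 transfer ninety minutes later) and acct-2002 (new device, then structuring the next day) are escalated; acct-3003’s password reset is eleven days old and falls outside the window, and acct-4004 has no identity event at all. The point is the join key: both teams already had their half of the picture, and neither half alone would have been prioritized.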

State-Sponsored: Advanced Persistent Threat Groups

At the top of the ladder we come to our apex predator: the state-sponsored attacker. Commonly tracked as advanced persistent threat (APT) groups, these are backed by governments with political, economic, or military objectives.

Over the last decade, the line between nation-state actors and the financially motivated criminal gangs described above has become increasingly blurred. For the nations involved—Russia, China, Iran and North Korea among them—the complex, nebulous nature of these attacks offers plausible deniability.

Unlike other threat actors, their primary goal is usually not financial gain but industrial espionage or geopolitical destabilization, although North Korea is the notable exception, using large-scale theft to fund the regime. The targets are shifting accordingly: one report found that the share of state-backed attacks aimed at critical infrastructure had doubled, from 20% to 40%.3

Nation-states like Russia, North Korea, and Iran have well-documented offensive cyber capabilities.

  • Russia is known for groups like Cozy Bear and Fancy Bear (two of the so-called Five Bears), linked to election interference and long-running espionage campaigns.4
  • North Korea’s Lazarus Group has carried out high-profile financial thefts, most recently the February 2025 theft of roughly $1.5bn in cryptocurrency from the Bybit exchange.5
  • Iran’s APT34 (OilRig) has targeted financial institutions and critical infrastructure in the Middle East and beyond, using a broad array of custom tools and techniques.6

Defensive Takeaways

APT groups pose a uniquely dangerous threat to individual organizations, with their high level of resources, advanced techniques, and geopolitical motivations. Responding to these threats requires a multi-pronged defense:

  • Enhanced monitoring to identify state-sponsored tactics
  • International cooperation
  • Adherence to global compliance standards

From Bedrooms to Beyond Borders: Expanding Your View of Cybercrime and Punishment

The world of financial crime is extensive–and expanding. For FCC professionals, understanding these threats (and who poses them) is the first step in defending against them.

With threat actors ranging from lone individuals to state-sponsored groups, each requires its own bespoke approach. With the right strategy, people, tools and culture in place, you can stay one step ahead in the world of cybercrime and punishment.

To find out more about what you can do to stay ahead of the threat(s), download our whitepaper, “Cracking the Code: How to Combat Digital Deception across the AML & KYC Landscape.”

1 “Money Laundering,” United Nations Office on Drugs and Crime.

2 “The Stark Truth Behind the Resurgence of Russia’s Fin7,” KrebsOnSecurity, July 10, 2024.

3 “‘Disturbing’ Rise in Nation State Activity, Microsoft Reports,” James Coker, Infosecurity Magazine, November 4, 2022.

4 “The Five Bears: Russia’s Offensive Cyber Capabilities,” Oscar Rosengren, Grey Dynamics, March 7, 2024.

5 “North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack,” Joe Tidy, BBC, March 9, 2025.

6 “OilRig Exposed: Unveiling the Tools and Techniques of APT34,” Picus Labs, October 13, 2024.
