Hacker Nation: the third largest economy in the world.

Over the past 40 years, hackers have evolved from worm attacks in the 1980s to fully funded organizations infiltrating some of the most profitable industries in the world. Today, cybercrime poses a serious threat to any company with an internet-connected device and continues to inflict significant economic damage worldwide.

The modern cyberattack can be traced back to the Morris worm of 1988. Before the World Wide Web had an impact, a small program launched from a computer at the Massachusetts Institute of Technology (MIT) spread astonishingly quickly. It infected about 6,000 of the approximately 60,000 computers connected to the Internet at that time. While it's difficult to calculate the exact damage caused by the Morris worm, estimates range from $100,000 to millions.

Over the decades, cybercrime has become more sophisticated, with threats reflecting geopolitical tensions, and hackers have gained notoriety. In 1999, a teenager hacked the Department of Defense and NASA, setting up a backdoor on their servers to download software worth $1.7 million. Fast forward to 2021, when the American company Colonial Pipeline was hit by a ransomware attack, forcing the company to shut down the pipeline and pay $4.4 million in Bitcoin. In 2023, the CIOp group exploited a zero-day vulnerability in MOVEit file transfer software, affecting 2,000 organizations and approximately 62 million people.

The scale of economic cybercrime

The United States, with a GDP of $25.44 trillion by the end of 2022, is the largest economy in the world. China follows in second place with a GDP of $17.96 trillion. However, cybercrime is growing at an alarming rate. In 2021, it caused global losses estimated at $6 trillion—about $2 trillion more than Japan's GDP, the country with the third-largest economy in the world. According to Evolve Security, cybercrime is expected to grow by 15% annually over the next five years. Forecasts from Statista indicate that the annual global cost of cybercrime will rise to nearly $24 trillion by 2027, compared to $8.4 trillion in 2022. In Germany, a study conducted by Bitkom showed that cybercrime caused total damages amounting to €206 billion, which is 5% of the country's GDP. Additionally, 62% of companies believe that cybersecurity threats are significantly greater, with phishing, password attacks, malware infections, ransomware, and SQL injections being the most commonly reported types of attacks.

New tools bring increased cyber threats.

With the development of artificial intelligence (AI) and machine learning, the digital threat is becoming increasingly intense. The implementation of technologies such as the Internet of Things (IoT) and Industry 4.0 opens up new vulnerabilities, and a growing number of attackers are using AI to enhance their hacking capabilities. Moreover, attackers are expanding their targets to include cloud environments and sensitive data stored in SaaS applications of companies. Cybercriminals are unpredictable; they collaborate across borders and adopt hierarchies and specialized roles, making them more difficult to track and pursue by law enforcement.

Don't forget about "analog" crimes? They are still relevant.

Cybersecurity breaches still occur due to non-digital or physical components of the system and are often overlooked. These non-digital areas include unauthorized access to secure data centers or other physical locations where confidential data is stored. Unprotected physical access allows employees or contractors to misuse confidential information for social engineering violations. Organizations should also be concerned about the improper disposal of confidential documents and the interference of malware that alters devices with malicious code. In addition to physical vulnerabilities, the software supply chain is also at risk. It remains a weak link capable of causing significant damage. Companies must not only adhere to their security protocols but also carefully examine the security practices of their suppliers. Furthermore, attackers continue to exploit social engineering attacks using deepfakes to spread ransomware, gain permissions, and access confidential data with relative success and ease, similar to phishing campaigns.

Strengthening protection against cybercrime

The GDP of cybercrime, amounting to $6 trillion, has made it the third-largest economic superpower in the world. No one is safe from attacks, from small shops on Main Street to financial giants on Wall Street. We are all targets, from Bulgaria to the USA. As these shadowy organizations become more organized and sophisticated, cybersecurity must evolve into a necessary business service, akin to energy or cloud services. The emergence of artificial intelligence and machine learning opens up vast opportunities for enhancing company productivity. At the same time, the application of these tools for malicious activities will lead to global disaster and chaos in the realm of intellectual property. Ignorance will be the Trojan Horse, opening networks to malicious users and continuing the flow of funds for cybercrimes. To eliminate the activities of this well-funded, boundless structure, we will need ongoing and comprehensive measures to strengthen the physical and digital components of devices, platforms, and systems. Without complete knowledge of all attack vectors, including partner systems in the supply chain, a trained employee base, and the application of sophisticated cybersecurity tools, organizations will continue to fall victim and inadvertently fund their criminals.