Amidst rising tensions and shifting priorities between global powers in cyber space, the most important threat to businesses is the growing professionalisation of cybercriminals as they carry out sophisticated attacks with impunity from hostile countries.
According to Howden’s cyber report, risks associated with cyber warfare and systemic events more generally – scenarios where single attacks trigger widespread failures across multiple organisations – remain a concern but worst-case scenarios have not yet come to pass.
Russia has openly stopped pretending to crack down on cybercriminals within its borders.
This was shown by a law passed last year that gives immunity to hackers committing crimes ‘in the interests of the Russian State.’
Rising cyber tensions among countries

Russia’s protection of cybercriminal groups has increased the global threat, especially since sanctions against Russia have left many skilled IT professionals unemployed or underemployed, making them more likely to turn to cybercrime for profit.
Russia aims for a contested and unsafe cyber landscape, believing it will harm Western powers more.
This is evident in their disinformation campaigns targeting global elections. This increased threat has also led to more aggressive espionage campaigns from Chinese state actors and stronger responses from their targets, according to Cyber Insurance & Risk Management report.
Repeat of Ukraine cyber conflict unlikely
It is hard to draw firm conclusions from the war in Ukraine on future conflicts. Ukraine has both an extremely resilient domestic cyber security ecosystem, as a result of years of preparation against Russian attacks, and has been supported by some of the world’s largest tech companies.
According to Global Cyber Risk Insurance Report, Russia has also been careful to contain the impacts of its cyber efforts in Ukraine to the conflict zone, despite its capability to launch attacks of greater scale and consequence.
Future conflicts could change, with worries about a war involving skilled cyber attackers who release highly destructive malware.
China stands out as a leading exploiter of zero-day vulnerabilities. In 2021, the Chinese government mandated reporting these vulnerabilities to authorities before public disclosure.
This law has significantly enhanced China’s offensive cyber capabilities, with Chinese groups being the most active in exploiting zero-days in 2023. Criminal groups often exploit state-backed hacking techniques once made public, especially targeting businesses slow to address new vulnerabilities.
Russia pivots to espionage

Russia’s Cyber Warfare in Ukraine over the last year have shifted away from disruptive and destructive attacks towards espionage and intelligence gathering, with the evolution of tactics reflecting reset expectations around the duration of the war.
The resilience of Ukraine, both militarily and in the cyber sphere, has changed the nature of the war, affecting Russian cyber efforts.
Sandworm, the most active Russian-backed group in Ukraine, has shifted from disruption to intelligence collection, focusing more on espionage to support Russia’s forces.
The blending of military and cyber goals shows that the objectives of cyber operations can be achieved more effectively with kinetic warfare. While Russian pre-war cyber attacks on Ukrainian energy infrastructure caused, at most, hour-long blackouts, nearly 80% of its electricity-generating capacity has now been lost in almost 180 aerial attacks.
Operations extend beyond Ukraine
The same actors are also running disinformation campaigns to coincide with a number of high- profile elections this year. Election interference is part of a wider effort from Russia to disrupt Western interests, including the use of mercenaries in Africa and funding fringe political parties, and should therefore not be seen as a ‘cyber only’ issue.
Cybercrime remains key threat to business

Cybercrime remains a huge threat to global businesses. Groups continue to favour easy attacks against the worst guarded victims, and a recent IMF report cited growing cyber inequality between organisations that are cyber resilient and those that are not.
Around half of all cyber breaches impact businesses with fewer than 1,000 employees and many small companies go out of business soon after falling victim to an attack.
Although many cybercrime groups operate independently from state-backing, the two are still often interlinked. This has been illustrated by the growing levels of cybercrime coming from Russia, as well as the targeting of companies by criminal groups for political reasons (see Cyber Risk Insurance Market Global Trends).
In December 2023, a pro -Palestinian operation claimed dozens of data breaches against Israeli firms, and in the same month a brewery company in the United States was targeted over their use of Israeli-made hardware.
Professionalization of cybercrime has impacted cybersecurity
The professionalization of cybercrime has impacted cybersecurity in recent years. This trend includes the rapid growth of threat actors, with specialized groups focusing on different parts of the supply chain, creating a more dangerous threat environment.
Many criminal groups now operate like professional businesses, with recruitment teams and corporate infrastructure.
A prime example is the Russian group AlphaLock, which uses a two-part business model to educate cybercriminals and weaponize them for profit against organizations, offering an affiliate program to join the hacking group.
Criminal groups typically operate to a business model that follows the path of least resistance. The explosion of Malware-as-a-Service (MaaS) and RaaS offerings is testament to that.
Other models being adopted include paying specialists to identify easy targets. Larger groups can also offer initial access to a corporate’s business infrastructure, such as a remote desktop or a CEO’s email account, to less sophisticated gangs who have sufficient knowledge and skills to exploit it for monetary gain.
All of which has created a wider ecosystem of cybercrime, where groups do not need to be highly proficient, or even ‘hack a company’, to make significant profits.
…………………….
AUTHORS: Milo Wilson – Lead Intelligence Analyst at XCyber, Bill Jarvis – Head of Intelligence at XCyber