The technical ability of financial cybercrime gangs has become so advanced that the line separating their operations and nation-state activity has become non-existent, according to a threat report released this week (Tuesday 14 March) by FireEye's Mandiant division.
"While nation-states [governments and intelligence agencies] continue to set a high bar for sophisticated cyberattacks, some financial threat actors have caught up to the point where we no longer see the line separating the two," stated the report, titled M-Trends 2017.
It continued: "In 2016, financial attackers moved to custom backdoors with a unique configuration for each compromised system, further increased the resilience of their command and control (C&C) infrastructure, and employed improved counter forensic techniques.
"An attacker that is harder to detect, investigate and remediate is inherently more likely to remain in an environment to accomplish their mission. The line between the level of sophistication of certain financial attackers and advanced state-sponsored attackers is not just blurred – it no longer exists."
Last year, financial cyber-gangs rampaged against targets across the globe, the most notable of which was the massive hack at the Bangladesh Central Bank in February 2016, in which millions of dollars were lost. Additionally, a series of ATM hacks has plagued Asia over the past 12 months.
State-backed hacking, meanwhile, dominated the discourse around the US presidential election in November last year. The election brought state hacking and cyber-espionage into the mainstream, with Russia reportedly orchestrating a sophisticated campaign to try to influence the result of the vote.
Furthermore, a joint report just released by the UK's National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) mirrored the Mandiant conclusion. It branded modern cybercrime as "varied and adaptable" while specifically calling out financial gangs as particularly notorious.
"The lines between different threat actors continue to blur as individuals and groups learn from, hire and work with one another," it reported.
"Criminal groups are imitating suspected nation state methodology in order to attack financial institutions, and more advanced actors are successfully using 'off the shelf' malware to launch attacks. Similarly some state actors are willing to conduct financial and intellectual property theft."
"In 2016 we saw cyber-attacks spread widely and publicly into areas such as elections and attackers became more sophisticated," said Stuart McKenzie, vice president of Mandiant. "We can see that organisations are improving, but there is still much to do."