Abstract: The history and evolution of cybercrime is a complex yet flourishing and lucrative industry. With threat actors constantly emerging, many infrastructures worldwide are constantly under threat. Countries such as the UK and the U.S. have been the most vulnerable with their Western democratic culture, which is an ideal target for threat actors originating from countries such as China, Russia, and North Korea. These countries have played a major role in orchestrating sophisticated cyberattacks on critical infrastructure and financial systems. While highlighting the vulnerabilities that independent hackers and state-sponsored groups specifically target, it will inevitably aid the cybersecurity community in preparing for any future trends.
Problem statement: Can developing infrastructure in countries prove to be sufficient in combatting global cybercrime?
So what?: The rising threat of cybercrime is no longer just a concern for tech experts; it’s a global crisis that demands urgent attention. Countries like the UK and U.S. find it increasingly difficult to defend against relentless cyberattacks from international hackers and hacktivists, putting millions of citizens at risk each year. Addressing this challenge in the digital era requires a collective international effort, particularly focused on bolstering infrastructure in developing countries. Strengthening cybersecurity frameworks in these regions is critical to levelling the playing field and enabling them to compete effectively with advanced economies such as the EU, U.S., and UK. Investments in robust digital infrastructure can mitigate data breaches and systemic disruptions while fostering economic stability. For example, enhancing cybersecurity in nations like the Philippines could pave the way for greater economic growth and strengthen global reciprocity by integrating these economies into the digital frontier.
Source: shutterstock.com/Ground Picture
The Evolution of Cybercrime
Since the early 2000s, cybercrime has evolved into a lucrative enterprise, generating an estimated $1.5 trillion annually. A complex web of criminal organisations operates with the sophistication of legitimate businesses, engaging in various illicit activities. One notable incident from this period was the ILOVEYOU virus, also known as the Love Letter virus, which emerged in the early 2000s. This phishing attack infected over 10 million devices worldwide and caused billions of dollars in damage. Originating from an amateur hacker in the Philippines, the incident exemplifies how individual actions can reverberate globally, highlighting the far-reaching consequences of cybercrime.[1]
Fast forward a decade, and Iran encounters the Stuxnet worm—regarded as the world’s first “digital weapon.” This highly sophisticated attack targeted Iran’s nuclear facilities, sabotaging its uranium enrichment efforts. Believed to have been developed by U.S. and Israeli intelligence agencies, Stuxnet represents a significant escalation in cyber warfare, showcasing the intricate intersection of national security and cyber operations.[2], [3]
Stuxnet represents a significant escalation in cyber warfare, showcasing the intricate intersection of national security and cyber operations.
In 2017, the WannaCry ransomware attack further demonstrated the vulnerability of critical infrastructure. This malicious software affected over 200,000 computers across 150 countries, with the UK’s National Health Service being particularly hard hit. The attack caused significant disruptions to hundreds of primary care organisations, including 595 General Practitioners (GP). Thousands of appointments and operations were cancelled. According to the NHS, the impact was far more severe due to outdated, unpatched Windows systems, which could have been easily avoided with patching systems and managing firewalls. The presumed attackers were allegedly linked to North Korea, underscoring the international implications of state-sponsored cyberattacks and their capacity to disrupt essential services.[4], [5], [6]
The catastrophic SolarWinds breach in 2020 marked another significant moment in cybersecurity history. Russian intelligence operatives exploited a compromised software update, infiltrating an estimated 18,000 private and government networks. This breach exposed vast amounts of sensitive data, including financial information, source code, and user credentials. The repercussions of this attack continue to be felt, emphasising the urgent need for robust cybersecurity measures.[7], [8]
The hacking group, identified as Nobelium and directly linked to the Russian intelligence service, illustrates the ongoing threats posed by state-sponsored cybercriminals. This incident was not the first encounter with Russian hackers; previous attacks by the Cozy Bear group further highlight the persistent nature of these threats. Notably, the malicious code known as Sunburst, introduced during the SolarWinds attack, represents a sophisticated form of digital infiltration. Additionally, Microsoft identified another actor, a suspected Chinese group called Supernova, which underscores the increasingly global nature of cyber threats.[9], [10]
What Can the U.S. & UK Expect for The Future
Shifting gears to the Future, although cybercrime is unpredictable, there is reason to believe it can still be tracked to determine its desired target. One notable trend is the continued rise of the Business Email Compromise (BEC), which accounted for 29.7% of the total incidents investigated by Arctic Wolf’s Incident Report.[11] According to the World Economic Forum, “the global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.”[12] Furthermore, data from Statista, based on FBI statistics, reveals that investment fraud constituted approximately 37% of all reported monetary losses. This type of fraud is particularly enticing for hackers due to its potential for “large returns with minimal risk,” as defined in the reports. Approximately $3 billion was lost due to compromised business email accounts resulting from malicious actors and phishing.[13]
Among the costliest types of cybercrime on the rise globally, government impersonation leads to losses totalling $394 million, reflecting a staggering 63.8% year-on-year increase. Following closely is investment fraud, amounting to $4.57 billion, with a 38.0% year-on-year rise. Business Email Compromise (BEC) ranks third, resulting in losses of $2.947 billion, marking a 7% year-on-year increase. These statistics illustrate the financial losses from worldwide cybercrime complaints reported to the FBI in 2023, categorised by attack vector.[14]
Among the costliest types of cybercrime on the rise globally, government impersonation leads to losses totalling $394 million, reflecting a staggering 63.8% year-on-year increase.
Given these statistics and the shifting dynamics within the cybercrime market, it is imperative to focus on securing the investment and business sectors. The data indicates a growing interest in these areas, especially as technology continues to develop.
Current Landscape of Technological Advancement
In today’s competitive landscape, the countries leading the world in science and technology in 2023 include Switzerland, Sweden, the U.S., the UK, and Singapore.[15] According to researchers from the World Economic Forum (WEF), Switzerland retains its top position for the 13th consecutive year, focusing on research institutions alongside high levels of R&D spending. Sweden emphasises business innovation, while the U.S. is home to Silicon Valley and world-renowned universities. The UK excels in knowledge-intensive services and global R&D companies, ranking third in market sophistication. With its strategic location, pro-business policies, and emphasis on knowledge-based industries, Singapore stands as the highest-ranked Asian country.
Four critical reasons emerge to thrive in this competitive age: compliance with international standards, reciprocity, trade, and adherence to EU regulations, particularly for member states. Meeting these standards not only fosters economic growth and enhances global market presence but also minimises the compliance burdens that often erode initial profits for organisations and nations engaged in trade.
Strategic approaches to achieving this include reducing compliance costs, promoting transparency, and mitigating risks. Practical measures, such as supporting the unique needs of small and medium enterprises (SMEs), enhancing competitiveness, and fostering innovation, can help organisations and nations effectively navigate these challenges. By implementing these strategies, businesses and countries can thrive in a more integrated and equitable global marketplace.[16]
Nevertheless, Noncompliance with international standards can significantly hinder a country’s efforts to boost its economy and integrate into the global market. However, adhering to these standards is often unattainable for many nations due to unreasonable demands, ongoing armed conflicts, or challenges to their core ideals and sovereign rights. For instance, countries like Haiti and Egypt face unique hurdles rooted in their historical and socio-political contexts. Haiti continues to grapple with widespread corruption, frequent natural disasters, endemic poverty, and rampant gang violence, all of which undermine its capacity to align with international norms. Similarly, Egypt confronts challenges such as systemic corruption, public distrust in governance, and military-driven violence, which complicate its ability to meet global expectations.
While the European Union (EU) champions goals such as promoting peace, fostering sustainable development, and encouraging economic growth, achieving these aspirations requires more than imposing standards. Nations like Haiti and Egypt need collaborative partnerships rather than isolation. Major powers such as the EU, U.S., and UK must adopt an inclusive approach. Prioritising development and opening opportunities rather than focusing solely on sovereignty concerns. This strategy can empower struggling nations to overcome structural challenges and contribute meaningfully to the global system.[17], [18], [19], [20]
While the EU champions goals such as promoting peace, fostering sustainable development, and encouraging economic growth, achieving these aspirations requires more than imposing standards.
Exploring Opportunities for Developing Countries
For developing countries, adhering to international standards can unlock export opportunities, create networks, and combat constraints like natural disasters, facilitating rapid growth. The Caribbean region faces significant challenges in overcoming technical trade barriers, a trend mirrored in many African countries rich in resources that present numerous export opportunities. As an economist noted, “the lack of harmonisation of technical regulations across African countries could impede businesses’ ability to tap the maximum benefits of the African Continental Free Frade Agreement.”[21]
According to a new World Bank study, increasing Foreign direct investment (FDI)- both from within and outside of Africa is expected to bring fresh capital, technology and skill. In turn, this will raise the living standards and reduce Africa’s dependence on volatile commodity exports. In this scenario, real income would rise to 8% in 2035%, and the number of people in extreme poverty would fall by 45 million. With the addition of support from the AFCFTA, Africa could see an increase in FDI by 111%-159%. The AFCTA also promises to bring higher-paid, better-quality jobs, with women seeing the biggest wage gains.[22]
The AFCTA promises to bring higher-paid, better-quality jobs, with women seeing the biggest wage gains.
In Caribbean countries such as Haiti, improving the economy through Foreign Direct Investment (FDI) in sectors like infrastructure, energy, agriculture, and tourism holds significant potential. Still, this path is complicated by both internal instability and external interventions. As Jemima Pierre notes, foreign involvement, particularly from the U.S., has often exacerbated Haiti’s turmoil by supporting unpopular leaders and intervening in the country’s governance. While FDI could inject much-needed capital into critical areas, political instability, corruption, and weak institutions have made it difficult to attract long-term investment. Moreover, foreign interventions have sometimes undermined Haiti’s sovereignty, contributing to cycles of unrest. For Haiti to achieve true self-sufficiency and long-term stability, it must regain control over its political and economic processes, ensuring that external investments align with the country’s interests rather than exacerbating its vulnerabilities.[23]
Understanding Reciprocity
Reciprocity serves as a fundamental mechanism for compliance in international law, functioning positively or negatively. It is a crucial building block of human societies, as reflected in Article 60 of the Vienna Convention on the Law of Treaties. The benefits of reciprocity can include tariff concessions when international labour organisations are ratified. Conversely, violations can lead to reputational damage, internal penalties, and the potential withdrawal of benefits, thus jeopardising international relations.[24]
A proactive approach that fosters good Relations without expecting immediate returns can be a crucial first step in building sustainable international partnerships. However, this is complicated by the fact that developing countries are often exploited by more powerful states, leaving them in worse positions after external interventions. Negative reciprocity may contribute to economic stagnation or disruption. In theory, when countries focus too heavily on punitive measures (whether through tariffs, sanctions, or other forms of retaliation), they create barriers that limit economic cooperation.
The concept of “uninvited debts” is particularly compelling. When countries offer assistance or concessions without explicit expectations of return, they create a sense of indebtedness or obligation, which may lead to future cooperation. This can be seen in development aid programs or natural disaster crises. Fostering a sense of mutual responsibility could create a more balanced and sustainable international environment. The risk is that one party might take advantage of the situation, but if the relationship is based on trust and long-term vision, this dynamic could shift. However, there should be great emphasis on making the first move. International relations depend on trust, cooperation, peacebuilding, and collaboration, all of which ultimately benefit all parties involved.[25]
International relations depend on trust, cooperation, peacebuilding, and collaboration, all of which ultimately benefit all parties involved.
The Role of Trade and EU Law
The World Trade Organization (WTO) encourages countries to acknowledge each other’s procedures for assessing product conformity. This cooperation helps ensure that products are not subjected to duplicate testing—once by the exporting country and again by the importing country. One strategy for enhancing compliance with these standards is the implementation of mutual recognition agreements (MRAs), which allow countries to accept the testing and certification results from each other’s accredited bodies. Such agreements reduce costs, increase efficiency, and promote greater market access by harmonising regulatory requirements. Another key approach is the adoption of international standards such as those set by the International Organization for Standardization (ISO), which provides universally accepted criteria for product quality, safety, and environmental impact. By aligning with these standards, countries and companies improve their competitiveness while ensuring the safety and reliability of their goods on the global stage.[26], [27]
Furthermore, EU member states play a pivotal role in ensuring that EU law is implemented effectively and promptly, which is vital for people and businesses to benefit from the established rules. A key strategy for adherence to EU law is the national transposition of EU directives into domestic legislation, ensuring that all member states align their national laws with EU-wide legal frameworks. This process is essential for the uniform application of EU law, particularly in areas such as trade, competition, and environmental protection. Another important measure is the establishment of competent authorities at the national level to monitor and enforce EU regulations, ensuring that businesses comply with EU standards, such as those relating to consumer protection, product safety, and data privacy. Member states can also enhance compliance by investing in capacity-building programs for businesses, offering training on how to navigate EU regulations, especially for SMEs that may lack the resources to fully understand complex EU law.
Additionally, fostering greater collaboration between national regulators and EU institutions, such as the European Commission, can help streamline procedures and address regulatory challenges more cohesively. This cooperation is especially important in sectors like digital trade, where rapid technological developments require agile regulatory responses. By taking these steps, EU member states can ensure that their businesses remain competitive within the EU single market and can maximise their opportunities in global trade.[28]
EU member states can ensure that their businesses remain competitive within the EU single market and can maximise their opportunities in global trade.
Government Involvement in Cybercrime
Russia has been involved in various cybercrimes in 2023, including spam emails, for which it was responsible for over 30% of all spam emails worldwide. Additionally, the Russian hacking group DarkSide orchestrated the Colonial Pipeline ransomware attack in May 2021, marking the largest cyberattack on U.S. energy infrastructure in history. Russian hackers have also targeted major hospitals in London, disrupting blood transfusions, test results, and operations.[29] Cyber espionage activities attributed to the Russian foreign intelligence service (SVR) include the SolarWinds compromise, showcasing the broader implications of Russia’s cyber strategies.[30] Russia’s Cybersecurity Strategy aims to safeguard national interests, assert sovereignty in cyberspace, and influence global dynamics.
The PRC has also been deeply involved in cybercrime, exemplified by the Volt Typhoon, a state-sponsored advanced persistent threat (APT) that has targeted critical infrastructure in the U.S. and other nations. In January 2024, U.S. authorities disrupted this threat group, which had maintained access to critical infrastructure for at least five years.[31] Another APT, known as APT 31, has been accused of high-profile attacks, including targeting the personal emails of Joe Biden’s campaign staff in 2020. Additionally, APT 40, a Chinese cyber espionage group, focuses on countries strategically important to the Belt and Road Initiative. Other hacking groups, such as Charcoal Typhoon and Salmon Typhoon, have used OpenAI services to research companies and intelligence agencies. In 2023, the PRC experienced a surge in cyber scams, including social media fraud, telecom fraud, and fraudulent IPOs.[32]
North Korea is notorious for its diverse range of cybercrimes, including cryptocurrency heists. The Lazarus Group, a North Korean hacking organisation, has stolen millions of dollars in cryptocurrency, including $615 million from the Ronin blockchain project.[33] North Korea has also conducted ransomware attacks targeting healthcare organisations, COVID-19 research facilities, and pharmaceutical companies, with the attackers demanding cryptocurrency in exchange for the release of private information, taking advantage of the increased anxiety of the pandemic.[34] Moreover, the country has executed social engineering campaigns against employees in the cryptocurrency and decentralised finance sectors to steal funds and deploy malware. According to estimates from the South Korean defence ministry, “North Korea has nearly 7,000 hackers on its payroll, typically organised into teams of 5-10 with specific objectives,” with each member allegedly generating $200-300K USD worth of foreign currency each month.[35] In addition to money laundering, North Korea has targeted U.S. Air Force bases, NASA, and defence companies in attempts to steal nuclear secrets. The U.S. intelligence community considers North Korea to be a leading cyber threat actor.[36]
The U.S. intelligence community considers North Korea to be a leading cyber threat actor.
A Pressing Global Crisis
The rise of cybercrime is not just a technological challenge but a pressing global crisis that requires immediate attention. From early attacks like the ILOVEYOU virus to sophisticated state-sponsored operations such as the SolarWinds breach, the evolution of cybercrime has been rapid and devastating. Nation-states, criminal organisations, and lone hackers alike have found immense financial and strategic gains in this $1.5 trillion industry, leaving countries and citizens vulnerable to massive financial losses and data breaches. As cyberattacks become more frequent and advanced, the costs are projected to surge dramatically in the coming years, putting critical infrastructure, national security, and personal privacy at risk. The future demands a stronger, collective effort in cybersecurity to protect against this growing threat and to ensure a safer digital environment for all. Failure to act could lead to far-reaching consequences, affecting economies, societies, and global stability.
Addressing this challenge in the digital era requires a collective international effort, particularly focused on bolstering infrastructure in developing countries. Strengthening cybersecurity frameworks in these regions is critical to levelling the playing field and enabling them to compete effectively with advanced economies such as the EU, U.S., and UK. Investments in robust digital infrastructure can mitigate data breaches and systemic disruptions while fostering economic stability. For example, enhancing cybersecurity in nations like the Philippines could pave the way for greater economic growth and strengthen global reciprocity by integrating these economies into the digital frontier. Such initiatives are vital not only for individual nations but for global digital resilience, as cyber threats recognise no borders. By prioritising international collaboration and development in cybersecurity, the global community can create a more secure and equitable digital landscape.
Joshua Paul-Mendoza is a dedicated Homeland Security major with a focus on Cyber Security and Social Work at Roberts Wesleyan University in the U.S. His passion for service is reflected in his previous volunteer work as a firefighter and his participation in AFJROTC. Motivated by a commitment to combat human trafficking and address issues of corrupt politics, Joshua aims to contribute to the creation of a more just and equitable world. Currently, he is furthering his professional journey through an internship with The Defence Horizon Journal. The views contained in this article are the author’s alone.
[1] Arctic Wolf, “A brief history of cybercrime,” April 19, 2024, https://arcticwolf.com/resources/blog/decade-of-cybercrime/.
[2] Idem.
[3] Josh Fruhlinger, “Zero days explained: How unknown vulnerabilities become gateways for attackers,” CSO, August 31, 2022, https://www.csoonline.com/article/565704/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html.
[4] Kaspersky, “What is WannaCry ransomware?,” August 31, 2022, https://www.kaspersky.com/resource-center/threats/ransomware-wannacry.
[5] Arctic Wolf, “A brief history of cybercrime,” April 19, 2024, https://arcticwolf.com/resources/blog/decade-of-cybercrime/.
[6] National Audit Office, “Investigation: WannaCry cyber-attack and the NHS,” October 27, 2017, https://www.nao.org.uk/reports/investigation-wannacry-cyber-attack-and-the-nhs/.
[7] Saheed Oladimeji, Sean Kerner, “SolarWinds hack explained: Everything you need to know,” TechTarget, November 03, 2023, https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know.
[8] Arctic Wolf, “A brief history of cybercrime,” April 19, 2024, https://arcticwolf.com/resources/blog/decade-of-cybercrime/.
[9] Saheed Oladimeji, Sean Kerner, “SolarWinds hack explained: Everything you need to know,” November 03, 2023, https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know.
[10] Joshua Paul-Mendoza, “SolarWinds Hacking Breach,” April 19, 2023, https://1drv.ms/w/c/628f705c0b05501c/Eb2bsebh74JNvxMwKhtrQ7IBaLO62nJ2KT9szTED0h6PBQ?e=DnDJC7.
[11] Arctic Wolf, “A brief history of cybercrime,” April 19, 2024, https://arcticwolf.com/resources/blog/decade-of-cybercrime/.
[12] Anna Fleck, “Cybercrime Expected To Skyrocket in Coming Years,” Statista, February 22, 2024, https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/.
[13] Florian Zandt, “The Costliest Types of Cybercrime,” Statista, May 31, 2024,
https://www.statista.com/chart/27097/most-expensive-types-of-cyber-crime-us/.
[14] Florian Zandt, “The Costliest Types of Cybercrime,” Statista, May 31, 2024,
https://www.statista.com/chart/27097/most-expensive-types-of-cyber-crime-us/.
[15] World Economic Forum, “These are the world’s leading science and technology hotspots,” October 16, 2023, https://www.weforum.org/agenda/2023/10/innovation-technology-wipo-countries-ranking/.
[16] ISO, “How Standards can lead to better lives,” September 09, 2019, https://www.iso.org/news/ref2427.html#:~:text=International%20standards%20can%20bring%20about,age%20will%20get%20left%20behind.
[17] United Nations, “States Not Adhering to International Obligations Undermine Rule of Law, Sixth Committee Delegates Say, as Debate on Principle Concludes,” October 14, 2019, https://press.un.org/en/2019/gal3597.doc.htm.
[18] OAG, “5 Ideas on how local government can support local business,” Open Access Government, October 21, 2022, https://www.openaccessgovernment.org/5-ideas-on-how-local-government-can-support-local-business/146331/.
[19] Eva Rytter Sunesen, “Better regulation, stronger Europe,” Implement Consulting Group, November 05, 2024, https://implementconsultinggroup.com/article/better-regulation-stronger-europe.
[20] EU, “Aims and values” Principles and values,” https://european-union.europa.eu/principles-countries-history/principles-and-values/aims-and-values_en.
[21] ISO, “How Standards can lead to better lives,” September 09, 2019, https://www.iso.org/news/ref2427.html#:~:text=International%20standards%20can%20bring%20about,age%20will%20get%20left%20behind.
[22] WBG, “Free Trade Deal Boosts Africa’s Economic Development,” World Bank Group, June 30, 2024,
[23] USDS, “2023 Investment Climate Statements: Haiti,” U.S. Department of State, 2023, https://www.state.gov/reports/2023-investment-climate-statements/haiti.
[24] Anne van Aaken and Betul Simsek, “Rewarding in International Law,” 2021,
https://www.law.nyu.edu/sites/default/files/Anne%20van%20Aaken%20and%20Betul%20Simsek%20-%20Rewarding%20in%20International%20Law.pdf, doi:10.1017/ajil.2021.2,
[25] Idem.
[26] WTO, “Standards and safety,” World Trade Organization, 2024, https://www.wto.org/english/thewto_e/whatis_e/tif_e/agrm4_e.htm.
[27] EU, “Implementing EU Law,” Commission Europa, July 14, 2023, https://commission.europa.eu/law/application-eu-law/implementing-eu-law_en.
[28] Idem.
[29] Jyothiikaa Moorthy, “23 Email Spam Statistics to know in 2024,” Mailmodo, September 17, 2024, https://www.mailmodo.com/guides/email-spam-statistics/.
[30] Alessandro Civita, “Cybersecurity Strategies- Part 3, Russia’s approach to cybersecurity,” LinkedIn, July 13, 2024, https://www.linkedin.com/pulse/cybersecurity-strategies-part-3-russias-approach-alessandro-civati-iwwue/.
[31] CISA, “People’s Republic of China Cyber Threat,” Cybersecurity & Infrastructure Security Agency, 2024, https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china.
[32] Jonathan Yerushalmy, “China cyber-attacks explained: who is behind the hacking operation against the US and UK?,” The Guardian, March 26, 2024, https://www.theguardian.com/technology/2024/mar/26/china-cyber-attack-uk-us-explained-hack-apt-31.
[33] Ken Westin, “How North Korean Cybercrime Aids the Russian Military and Circumvents Sanctions,” Panther, March 21, 2024, https://panther.com/blog/how-north-korean-cybercrime-aids-the-russian-military-and-circumvents-sanctions.
[34] The Soufan Center, “Intel Brief: The Threat Landscape of North Korea’s Cyber Arsenal,” February 22, 2024, IntelBrief: The Threat Landscape of North Korea’s Cyber Arsenal – The Soufan Center.
[35] Ken Westin, “How North Korean Cybercrime Aids the Russian Military and Circumvents Sanctions,” Panther, March 21, 2024, https://panther.com/blog/how-north-korean-cybercrime-aids-the-russian-military-and-circumvents-sanctions.
[36] Gordon Coreano, “Korea hackers trying to steal Nuclear secrets, US and UK warn,” BBC News, July 25, 2024, https://www.bbc.co.uk/news/articles/cjl6p3wj52no.
