Cybercriminals Are Industrializing Deception, New Report Warns
Global cybercrime syndicates are increasingly exploiting outdated software, misplaced trust in digital platforms, and the allure of fast money, putting millions of people at risk, according to a new research report from NordVPN’s Threat Intelligence unit and TechRadar’s security team.
The investigation highlights three major, interconnected campaigns that demonstrate how cybercriminals are scaling up operations and exploiting both technical vulnerabilities and human behaviour.
Exploiting Legacy Software
One of the primary campaigns centers on the exploitation of FCKeditor, a once-popular web-based text editor that was widely used in websites and content management systems during the 2000s and early 2010s. Although no longer maintained, the software is still in use across many sites, leaving them vulnerable to known security flaws.
The vulnerability in question, tracked as CVE-2009-2265, allows attackers to upload and execute malicious files on affected systems. NordVPN and TechRadar report that cybercriminals have already compromised more than 1,300 domains, including government websites, corporate platforms, research institutions, and major brands.
Attackers have been using these compromised websites to spread malware, redirect users to phishing sites, and conduct other fraudulent activity. Previous reporting by TechRadar revealed that dozens of university websites, including those of MIT, Columbia University, the University of Washington, and others, had been targeted. Government sites and commercial domains were also affected, including the Government of Virginia, the Government of Spain, and Yellow Pages Canada.
Once infiltrated, these legitimate domains become powerful tools for cybercriminals, helping them evade suspicion and reach a wider pool of victims.
A Sophisticated Crypto Scam
Another large-scale campaign focuses on cryptocurrency fraud. Victims receive emails claiming that a large crypto deposit, typically 15 Bitcoin, has been credited to a new account on an exchange. The message includes login credentials and a link to a fake exchange website, where the victim sees a fabricated balance.
To access the supposed funds, victims are asked to pay fees or taxes, often described as “gas fees.” Once paid, the money is stolen, and the victim is left with nothing.
NordVPN researchers identified more than 100 domains connected to this scheme, suggesting a well-organized operation.
“This is social engineering at an elite scale,” said Domininkas Virbickas, Product Director at NordVPN. “Criminals are leveraging the allure, and confusion, of cryptocurrency to reinvent old scams in new digital forms.”
Fake Online Stores on an Industrial Scale
The third campaign uncovered by researchers involves more than 800 fake online stores across categories such as fashion, automotive products, and health goods. These websites advertise extreme discounts and time-limited deals designed to create urgency and bypass consumer skepticism.
The operation has been linked to a single Chinese-speaking threat actor. The websites are built using common platforms such as WordPress, WooCommerce, and Elementor, making them easy to replicate and scale. Indicators such as untranslated Chinese characters and reused digital assets helped investigators trace the network.
Researchers also discovered that many of the fraudulent sites share the same hosting provider, registrar, and infrastructure patterns, allowing the operators to run a large, coordinated network of scams.
“This network demonstrates the industrialization of online fraud,” said Virbickas. “Automation and template-based site creation now allow single actors to manage entire fraudulent ecosystems that mimic legitimate online retail.”
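The attribution approach described above, linking storefronts through a shared registrar, hosting provider, reused assets and untranslated Chinese text, can be sketched as a small clustering routine. This is an added example, not code from the report or the researchers; the record layout, sample values and the two-indicator threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records, not data from the report. Columns (assumed for
# this example): domain, registrar, hosting provider, hash of a reused asset
# such as a logo, and a snippet of storefront text.
SITES = [
    ("cheap-boots.example", "RegX", "HostA", "a1", "Flash sale 90% off 加入购物车"),
    ("auto-parts-deal.example", "RegX", "HostA", "b2", "Limited time offer"),
    ("vita-health.example", "RegY", "HostB", "a1", "Buy now 立即购买"),
    ("local-bakery.example", "RegX", "HostC", "z9", "Fresh bread daily"),
    ("bike-repair.example", "RegZ", "HostD", "y8", "Book a service"),
]

CJK = re.compile(r"[\u4e00-\u9fff]")  # CJK Unified Ideographs block


def has_cjk(text):
    """True if the text contains Chinese characters left untranslated."""
    return bool(CJK.search(text))


def shared_indicators(a, b):
    """Count indicators two sites have in common."""
    n = sum(1 for i in (1, 2, 3) if a[i] and a[i] == b[i])
    return n + (1 if has_cjk(a[4]) and has_cjk(b[4]) else 0)


def find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path halving
        x = parent[x]
    return x


def cluster_sites(sites, min_shared=2):
    """Union-find clustering: link two sites when they share at least
    min_shared indicators. One shared value alone (for example a large
    registrar) is weak evidence, hence the default of 2."""
    parent = {s[0]: s[0] for s in sites}
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if shared_indicators(a, b) >= min_shared:
                parent[find(parent, a[0])] = find(parent, b[0])
    groups = defaultdict(list)
    for s in sites:
        groups[find(parent, s[0])].append(s[0])
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))
```

Links are transitive, so a site joins a cluster through any one member it matches; lowering `min_shared` to 1 pulls in unrelated sites that merely use the same registrar.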
A Growing, Coordinated Threat
The findings underscore how cybercriminal groups are becoming more organized, professional, and scalable. By combining technical exploitation with social engineering and industrial-scale fraud infrastructure, attackers are increasing their reach and impact.
As cybercrime becomes more sophisticated, users and organizations alike must stay vigilant, keeping systems updated, scrutinizing unexpected messages, and verifying websites before sharing personal or financial information.
