For hackers and cyber thieves, not all data is created equal. Fortunately, the more we know about the mindset and motivations of these savvy cyber criminals, the better we’ll be at stopping them before they steal. Given the rise of machine learning and other fraudster-friendly technologies, hacking the hackers has never been more important.
While some hackers find and exploit vulnerabilities for the sheer challenge of it, the majority are breaching systems for a specific reason. According to a recent report issued by Ernst & Young, hackers are most interested in customer information (17%), closely followed by financial information (12%), strategic plans (12%), board member information (11%) and customer passwords (11%).
Despite all the coverage surrounding state-sponsored attacks and stealing trade secrets, these types of breaches are far less common. Rounding out the top 10 list of data most coveted by hackers are R&D information (9%), M&A information (8%), intellectual property (6%), non-patented IP (5%) and supplier information (5%).
Weapons of Choice
How do hackers go about getting the information that they want? As expected, the same E&Y report confirmed that phishing is the most common method of cyber theft (22%). This kind of attack employs a mix of social engineering and technical know-how to coerce unwitting victims into handing over their most precious passwords and data.
Just behind phishing, the hacker’s most-used methods include malware (20%), disruptive cyberattacks (13%), financial cyberattacks (12%), fraud (10%), IP cyberattacks (8%), spam (6%), internal employee attacks (5%), natural disasters (2%) and espionage (2%).
Who Are the Hackers?
The media often portrays hackers as shadowy, hoodie-wearing geniuses, but the truth is both more frightening and more ordinary. Most hackers are average tech experts motivated by money. They often turn to hacking because the financial returns are high, while the risks are relatively low.
Most of these fraudsters are young, talented programmers who are paid to develop malicious code. This code is then bought, sold and traded on a wide range of platforms found on the dark web. Gaining access to these forums is often difficult. Admission is usually only open to those who are vetted and trusted by other hackers.
On these secretive forums, organized criminals solicit talented programmers, paying them to break into companies, breach individuals or develop ransomware for nefarious purposes.
Hackers for Hire
The internet is invaluable to fraudsters, serving as both a source of commerce and a means of higher education for hackers and would-be hackers alike. As a result, one doesn’t even need to be tech-savvy to become an effective hacker.
Many of the tools of the trade — like malware, spam and spyware — can be purchased in the form of exploit kits by anyone on the internet. With the help of these exploit kits, hacking success rates have risen to 40%.
One of the most common versions of this spam-for-hire is the 419 scam, also known as the “Nigerian Prince Scam.” In this advance-fee scam, victims are contacted via email and asked to pay up front so they can receive an imaginary lump sum later.
Unsurprisingly, spam makes up 90% of all email traffic. And while some countries like Australia have begun issuing hefty fines for spammers, spam is becoming more sophisticated. Now companies and individuals run the risk of data extortion, or having their computers turned into botnets that steal passwords and record their every keystroke.
Such threatening malware can be purchased for as little as $200, while a universal kit designed to target almost any financial institution can be bought for $1,000. Back in 2006, one hacker known as “0x80” boasted that he earned nearly $7,000 a month sending spam through botnets he created.
Even more staggering, some hackers can earn nearly six figures a month through their scams. That’s a pretty healthy incentive to stay on the dark side of the law. The salaries of ethical hackers, which top out around $500,000 per year, pale in comparison.
No longer content with flexing their skills and sowing chaos, most hackers are dedicated to creating malware for the purpose of stealing valuable data and turning infected computers into botnets.
Companies that think firewalls and antivirus software offer enough protection are wholly unprepared for this brave new world of hackers for hire.
Increasingly, malicious emails are getting smarter. They’re targeting senior management and their families — even using their names and job titles.
Given the fear of botnet armies raised by nations like Russia and China, in 2007 the FBI launched Operation Bot Roast, aimed at reducing the one million zombie PCs enslaved for criminal use.
Here to Help
Understanding hackers and the motivations behind their crimes is essential to reducing the risk profile of your company or organization. To stay safe, make sure your IT products are updated, and watch out for malicious websites and clever attempts at social engineering.
The hacks of tomorrow are increasingly sophisticated and multifaceted. Companies can no longer rely on simple solutions like antivirus software. A smart cyber defense strategy is a combination of people, processes and proactive monitoring. Hackers will always be looking for what’s new and next, so it’s important to use innovation to beat them at their own game.
While Bluefin can’t protect you from every form of cyber theft, its advanced technology ensures cards are encrypted the moment they enter a payment system. To find out how our P2PE and tokenization services protect your organization from a data breach, contact a Bluefin representative today.