Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Your Guide to the Modern Varieties of Cybercriminal

Your Guide to the Modern Varieties of Cybercriminal

There is an entire litany of stereotypes that are commonly linked to the term “hacker”… too many for us to dig into here, especially since they do little but form a caricature of just one form that today’s cybercriminal can take. Let’s go into the different varieties that are covered nowadays under the blanket term of “hacker,” and the threat that each pose to businesses today.

To give this list some semblance of sensible order, let’s go from the small fish up to the large players, ascending the ladder in terms of threats.

The Ethical Hacker

First and foremost, not all hackers are bad. Certified Ethical Hackers are high-profile cybersecurity experts that are designed to think like a cybercriminal. They can be employed to determine how secure your organization is. 

The Unintentional Hacker

We all make mistakes, and we can all get a little bit curious every now and then. Therefore, it stands to reason that this curiosity could get people into trouble if they were to find something—some mistake in its code or security—on a website. This is by no means uncommon, and the question of whether this kind of hacking should be prosecuted if the perpetrator reports their findings to the company has been raised by many security professionals.

Regardless, if someone can hack into a website without realizing what they are doing, what does that say about the security that is supposed to be protecting the website… or, by extension, a business’ network? Whether or not you take legal action, such events should never be glossed over and instead be addressed as growth opportunities for improving your security.

The Thrill Seeker

Each of the hackers we’ll cover here has their own motivation for hacking into a network. In this case, that motivation ties directly back to bragging rights (even if the hacker only ever brags about it to themselves). While these hackers were once far more common, the heightened accountability and legal consequences that such behaviors now bring have largely quashed the interest in such hacking. Many of those that would have once been interested in this kind of hacking are now focused on modifying hardware over software, turning to interest-based kits like the Raspberry Pi and others to scratch their “hacking” itch.

The Spammer

Adware—or a piece of software that hijacks your browser to redirect you to a website hoping to sell you something—is a real annoyance, as it wastes the user’s valuable time and energy. It also isn’t unheard of for otherwise well-known and legitimate companies to use it in their own marketing, despite the risk they run of having to pay regulatory fines due to these behaviors.

While the real damage that adware spamming can do may seem minimal, it is also important to put the nature of these efforts into perspective. An adware spammer will use the same tactics that other serious threats—things like ransomware and the like—are often spread through. If you’re finding your workstations suddenly inundated with adware, you are likely vulnerable to a much wider variety of threats than you might first assume.

The Botnet Recruiter

Some threats to your network aren’t even technically directed toward your business itself. Let me ask you this: would you see it as a threat to have your computing resources taken over and co-opted for another purpose? After all, the result is effectively the same as many more directly malicious attacks—greatly diminished productivity and efficiency.

This approach is quite literally how a botnet operates. Using specialized malware, huge numbers of otherwise unassociated machines can be taken under control and have their available resources directed toward some other means. A particularly famous example of a botnet’s power came just a few years ago, when a botnet was utilized to disrupt the services of Dyn, a DNS provider. This took popular websites like Twitter and Facebook down for several hours.

Missing or neglected patches are one of the simplest ways for a botnet to claim your resources as its own—particularly when login credentials haven’t been changed.

Hacktivists

While political activism can be a noble cause, the hacktivist goes about supporting their cause in a distinctly ignoble way. Operating in sabotage, blackmail, and otherwise underhanded tactics, a hacktivist that targets your company could do some serious damage—despite the good that most of these groups are truly attempting to do.

Of course, the law also doesn’t differentiate between different cybercrimes based on motive, making this form of protest particularly risk-laden for all involved.

The Miners

The recent cryptocurrency boom has seen a precipitous uprising in attacks that try to capitalize on the opportunity, using tactics that we have seen used for good and bad for many years now. Above, we discussed the concept of a botnet—where your computing resources were stolen to accomplish someone else’s goal. However, the practice of utilizing borrowed network resources is nothing new. The NASA-affiliated SETI (Search for Extraterrestrial Intelligence) Institute once distributed a screen saver that borrowed from the CPU of the computers it was installed on to help with their calculations.

Nowadays, cybercriminals will do a similar thing, for the express purpose of exploiting the systems they infect to assist them in hashing more cryptocurrency for themselves. The intensive hardware and utility costs associated with mining cryptocurrency often prohibit people from undertaking it on their own—so enterprising hackers will use their malware to find an alternative means of generating ill-gotten funds.

The Gamers

Despite the dismissive view that many have towards video games and their legitimacy, it is important to remember that the industry is worth billions (yes, with a “B”) of dollars, massive investments into hardware and hours poured into playing these games. With stakes that high, it is little wonder that there are some hackers that specifically target this industry. These hackers will steal in-game currency from their fellow players or launch their own distributed denial of service attacks to stifle the competition.

The Pros-for-Hire

The online gig economy has become well-established in recent years—where a quick online search can get you a professional to help you take care of your needs, whether that be for childcare or for car repairs or any other letter of the alphabet. Similar services exist for directed cybercrime efforts as well.

Using a combination of home-developed malware as well as examples that they’ve bought or stolen themselves, these professionals will license out their services for a fee. Whether it’s a governmental body seeking sensitive intel or a business seeking to undermine a competitor, these mercenaries can pose a significant threat against anyone who lands in their crosshairs.

The Thief

On a related note, a lot of modern cybercrime is simply a digitized version of crimes we have seen in years past. Without another stagecoach to hold up, highway robbery has simply been shifted to the information superhighway, the stick-‘em-up translated to ransomware, dating scams, or denial-of-service attacks. The overarching motivation behind most of these efforts is simple: illegitimate fiscal gain.

The Corporate Crook

Corporate spying is a decidedly more direct version of the pro-for-hire trend that we discussed above, where a hacker will target a business’ documents and resources to help their competition in any way they can. While there may not be honor among thieves, there can be amongst the businesses that these thieves will try to sell stolen data to, as some companies have reported the theft after being approached.

The Nation State

Finally, we come to perhaps the biggest threat out there to many: massive teams of professional, government-employed hackers working to undermine the operations and machinations of other nations—both in their governments and their industries. This is generally intended to put the other nation in a diminished position should hostilities ever erupt.

If you remember the 2014 satirical movie The Interview—and more pertinently, the hack that Sony Pictures suffered in retaliation for the film—you’re aware of a very recognizable example of this kind of threat actor.

Clearly, the idea of a hacker that so many have is far too minimalistic to be relied upon anymore… especially if you’re staking your company’s cybersecurity preparedness on it. That’s why 415 IT is here to help. Our professionals are well-versed enough in best practices to help prepare you to deal with a much more realistic cyberattack. You just have to reach out to us at (415) 295-4898 to get started.

Using YouTube to Improve Everything
Counting the Reasons for the 3-2-1 Data Backup Rul...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, May 07 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://web.415it.com/

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing IT Support Data Data Backup Network Security Privacy Cloud Hosted Solutions Internet IT Services Data Recovery Business Software Efficiency Email Managed IT Services Google User Tips Mobile Device Innovation Small Business Malware Hackers Phishing Collaboration Hardware Cybersecurity Outsourced IT Communication Business Management Android Workplace Tips Cloud Computing Computer Upgrade Smartphone Managed Service Backup Quick Tips Tech Term VoIp Mobile Devices Microsoft Windows 10 Business Continuity Disaster Recovery Smartphones Covid-19 Ransomware Communications Users Saving Money Managed Service Provider Passwords Paperless Office Remote Work Encryption Browser Network Wi-Fi Internet of Things Artificial Intelligence Office 365 Remote Monitoring Business Technology BDR Server Data Management Managed IT Help Desk Social Media Windows Compliance Save Money Windows 7 Microsoft Office Holiday Healthcare Document Management Government Vulnerability Automation Scam Miscellaneous Applications Laptops Blockchain Health Employer-Employee Relationship Remote Facebook Managed Services Data Security Chrome Virtualization Managed IT services Redundancy Information BYOD Vendor Management Gadgets Avoiding Downtime Mobile Office Meetings Infrastructure Antivirus Machine Learning Office Analytics Project Management Wireless Bandwidth Tip of the week Two-factor Authentication Processor Maintenance RMM Hard Drive IT Management VPN Proactive Networking Customer Relationship Management Storage Router Remote Worker Software as a Service Net Neutrality HIPAA Files Access Control Information Technology Virtual Private Network Time Management OneDrive Training Employee-Employer Relationship Website Company Culture WiFi Mobility Apps Data Loss Regulations IoT Management Social Network Conferencing File Sharing Gmail Spam File Management The Internet of Things Assessment Monitoring Risk Management Cooperation Voice over Internet Protocol Money Network Management Search Payment Cards Remote Monitoring and Management Bring Your Own Device Holidays Financial Consultation Utility Computing Display Co-Managed IT Operating System Remote Computing Tablet Employees Dark Web Augmented Reality Electronic Health Records Internet Exlporer Professional Services Mobile Consulting Downtime Instant Messaging Smart Technology Recycling Word Computing Unified Threat Management Vendor Patch Management Data Breach Free Resource Managed Services Provider Customer Service Remote Workers Big Data Data Storage Flexibility Password Smart Devices Mobile Security Server Management Alert Images 101 Unified Communications Chatbots Windows Server End of Support Nanotechnology Wires Employer/Employee Relationships Gamification Apple Specifications Database CRM Human Error Operations Mobile Computing Hard Disk Drives Digitize Sensors Ergonomics Printing Digital Payment Hotspot Mirgation Technology Laws Managed IT Service Websites Emergency Multi-Factor Security Enterprise Content Management Computers Customer Relationships E-Commerce Theft Outlook Wearable Technology Disaster Resistance Star Wars Notes Authentication Identity Theft Printer Enterprise Resource Planning Windows Server 2008 User Management Gifts Electronic Medical Records App Proactive Maintenance Solid State Drive Black Friday Unified Threat Management Cache Projects Content Filtering OneNote Permission Geography Solid State Drives Shadow IT Vendors Mouse Language Authorization Break Fix SaaS Social Networking Value of Managed Services Innovations Features Shortcut Proactive IT PowerPoint Identity Teamwork Hacker Permissions Screen Reader Cybercrime Outsource IT Cyber security Politics Cyber Monday Staff Return on Investment How To Test Microsoft Excel Touchscreen Hacking Lenovo Modem High-Speed Internet Options Outsourcing Telephone Private Cloud Computing Infrastructure WPA3 Samsung G Suite IT YouTube Procurement Tech Support IT Consulting Peripheral Heating/Cooling SharePoint Shared resources Optimization Going Green CES Google Calendar Fraud Smart Tech Database Management Laptop Mail Merge User Error Settings Personal Information Banking Trending Superfish Development 5G Video Conferencing Mobile VoIP Bookmarks ROI Alerts Bitcoin PCI DSS Fleet Tracking Zero-Day Threat Virtual Reality Statistics Motherboard Chromebook Manufacturing Business Telephone Videos Cyberattacks Social Travel IT Technicians Cost Management Virtual Assistant Servers Downloads Virtual Machines Batteries Mobile Device Management Connectivity GDPR Remote Working Firewall Address Migration eWaste Transportation Active Directory Reviews Cookies Cables Wireless Internet Biometric Favorites Comparison Licensing Wasting Time Current Events Asset Tracking Backup and Disaster Recovery Data Warehousing Bluetooth Vulnerabilities IT Assessment Media Read Only Security Cameras Technology Tips Recovery Distributed Denial of Service Managing Stress CIO applications Credit Cards Point of Sale Tech Terms Legislation Techology Budget MSP Finance Education Marketing Printers CEO Students Daniel Stevens Regulation Twitter

Latest Blog

Windows has no shortage of capabilities to offer its users, with many of these tools coming with an associated Windows shortcut. Since keeping track of all of them can be a challenge, we wanted to assemble a list of most of them for you. This blog will serve as that list, so...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...