How (and why) cybercriminals seek to exploit companies and individuals

Staying 100% safe online is no longer something we can take for granted. But being proactive and assessing our current cyber hygiene every day is.

Remote work and digital addiction are leading to increasing cyber attacks, which make our (digital) lives more fragile than ever.

Here are two recent examples. The COMB breach in which more than 3 billion user credentials from Netflix, LinkedIn, Exploit.in, or Bitcoin were leaked on a popular hacking forum. The water treatment facility hack in Florida highlighting the lack of security measures to protect critical infrastructure.

By now, these events are routine and cybercriminals exploit every single opportunity.

To put things into perspective, here’s how and why cybercrime has far-reaching implications for both society and the economy.

Important cybersecurity stats and trends to ponder on:

• The global information security market is forecast to reach $170.4 billion in 2022 (Gartner)
• Cybercrime and its global damages are projected to grow by 15% per year, reaching $10.5 trillion in 2025, up from $6 trillion in 2021. (Cybersecurity Ventures)
• Ransomware attacks are expected to target a business every 11 seconds by the end of 2021. (Cybersecurity Ventures)
• Cybercrime could be the world’s third-largest economy in 2021. (World Economic Forum)
• The cybersecurity skills gap remains an issue, with an estimation of 3.5 million unfilled industry jobs by 2021. (Cybersecurity Ventures)
• The number of IoT devices installed worldwide will increase rapidly from 35 billion in 2021 to more than 75 billion by 2025. (Security Today)

These staggering numbers show us that cybersecurity should be a top-of-mind problem for everyone, not just for those who work in the field. It’s our responsibility to learn basic cybersecurity knowledge and be more cyber aware.

We need to focus on taking action and changing habits in ways that ensure we can strive in uncertain and challenging times.

A key factor to improve cybersecurity measures and mitigate security risks is understanding the specific characteristics of cybercriminals and what are the triggers behind these attacks.

Analyzing the attacker’s perspective on this matter helps us build a better defensive strategy so they don’t trick us again and again.

Build a flexible mindset and know these 5 specific characteristics of cybercriminals:

These particular patterns help us understand how the attackers’ mentality work and what defines them:

1. Persistence – Most attackers don’t launch malicious campaigns through sophisticated techniques, they’re simply more persistent in discovering critical vulnerabilities they can exploit. In a recent investigation, Microsoft analyzed the email infrastructure that attackers use to send targeted malicious campaigns. The research highlighted important insights about persistent cybercriminals’ operations and specific patterns in their activity.
2. Risk-taking – Cybercriminals are mostly engaged in activities associated with black hacking such as: accessing a network without authorization or stealing sensitive data through social engineering. They feel comfortable with breaking the law intentionally or simply ignoring the consequences of their malicious actions. This means they are likely to engage in more risk-taking behaviors and use technology to their advantage. No rules, no boundaries.
3. Data-driven – (More) data is at the center of any cyberattack or cybercriminal operation. Because threat actors want to collect as much data as possible. They target any data from both consumers and organizations because it’s profitable, attractive, and can be accessed from anywhere in the world. Here’s how: “A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.” (source).
4. Systemizing – A study published on Frontiers in Human Neuroscience shows that systemizing is specifically correlated to the code-breaking ability of malicious actors. It‘s an intrinsic motivation they have to build and understand systems.
5. Creativity – Threat actors demonstrate high creativity with tried-and-tested methods and constantly coming up with fresh, creative ways to lure their victims. Here’s one example: “security solutions don’t always classify error messages as suspicious, leading criminals to create fake error messages in their email attachments, paired with “Retry” buttons”, a new report concluded.

What triggers malicious actors to launch attacks

Why do they do it?

Motivations may vary from one attacker(or threat group) to another, but there are two key drivers for cybercrime:

• Financial gain to fill their pockets with as little effort as possible. A recent example shows how a company fell victim to ransomware and paid millions in bitcoin to get the decryption key and retrieve their data. Although they restored their systems, they fell to identify the root cause and better secure them. In less than two weeks, attackers came back using the same mechanism as before.
• Extract a large amount of data. From credit card details, personal information to credentials, health-related records, cybercriminals use data in many ways. They do it to sell your data on the Dark Web, hack your accounts, or simply leak out intimate photos/video content on the Internet. On their blog, Kaspersky describes (with examples) why doxing, a form of cyberbullying, is so dangerous and such a pressing matter these times.

Besides financial extrinsic motivations, some do it for fun, simply because they enjoy exploiting vulnerabilities in systems (or infrastructure) and also testing their hacking skills.

Others are interested in boosting their social status and high esteem, while several threat actors have political or social causes motivations such as promoting a specific movement, organization, hacking elections, or targeting government agencies.

Essential tools cybercriminals use to find high-risk vulnerabilities

Cybercriminals have lots of tools at their disposal to carry out attacks, mostly similar to those Red Teams and BlueTeams use to simulate real-life cyberattacks.

These are free open-source hacking tools and popular among malicious actors too:

• Metasploit Framework is an essential penetration testing tool for the reconnaissance phase developed by Rapid 7 and the open source community. It provides valuable information about exploits, payloads, or targets, and can be used in both ethical and unethical activities. Use it for ethical reasons to detect critical vulnerabilities before attackers do, test your systems and improve security awareness.
• Nmap is another popular and free network scanner tool that attackers rely on to examine an environment and uncover potential security flaws. Try it to scan your network and gather as much helpful information as possible about your hosts, open ports that shouldn’t be accessible, outdated services, and much more. Check out this tutorial to better understand how to use it.
• Wireshark is a powerful hacking tool that you can use to capture network traffic from Ethernet, Wireless, and get a deep inspection of your URL or network packets to detect potential networking issues. Want to know how to use this tool? Explore these learning resources. We suggest using it for educational purposes only while keeping your white hat on.
• John the Ripper is a free and popular password-cracking tool malicious actors use to gain access to systems and apps by testing password strength or crack them. Always make sure your passwords are strong and unique, and you don’t reuse them for multiple accounts. Try a password management app like LastPass or Keeper.

Level up your hacking skills: learn, practice, repeat.

Don’t have enough experience to understand these hacking tools?

You can cultivate your skills if you invest time and energy into learning and practicing.

Here are 4 simple ways you can gain practical experience:

1. Join challenging security competitions like CTFs because it helps you get to understand specific security concepts, techniques, tools, and methodologies. You can either team up with friends or learn alone. Look for upcoming competitions here. All experience levels available.
2. All hands on deck: volunteer for infosec projects. You’ll get to connect with like-minded peers and better know the community who will support you and share valuable lessons. Read these volunteer stories to understand how such experiences make a difference in your career.
3. Test and experience all types of challenges for free on CyberEDU. The platform provides over 150 exercises based on real-life scenarios and is developed for and used in international competitions.
4. Try free training like PortSwigger Academy or TryHackMe to level up your skills from interactive labs, gamified lessons with progress-tracking, and challenging quizzes.

Always remember to keep practicing and do extra research on specific infosec topics for which you need more clarity.

3 key takeaways to build on:

• Look at major infosec events and analyze stats to get the bigger picture and better understand how they shape our lives.
• Cybersecurity is not such a technical field, it’s more about humans and their behavior. Understand the risks of online threats and take cybersecurity more seriously through proactive and cyber habits.
• Focus on developing a growth mindset and find ways and people to help you expand your knowledge. Never stop learning.