Web

Cybercriminals: profiles and motivations

With the evolution of technology, more and more transactions are made over the internet, whether it is to have a conversation or to perform complex tasks related to online applications and services. Companies are going “all digital”, creating or using new categories of services and products. As a result, cybercrime is also evolving from a “real” to a “virtual” crime model. Cyberspace is particularly attractive to organized crime because it offers both a “safe” space and a more profitable return on investment for illicit activities. In this way, we move from organized crime to what we now call organized cybercrime.

A cybercrime is an offence committed through any electronic equipment or means of communication. Cybercriminals borrow or replicate all the known mechanisms of “traditional” crime. Identity theft, extortion and cyber-stalking are all means and services now offered online. It’s easy to operate in total anonymity from the Internet, which also breaks down geographical barriers. In this sense, many activities have developed online, from providing false identity documents, to using groups of hackers to carry out malicious actions against a competitor. The motivations of these cybercriminals can be varied, however, with a predominance for the lure of profit. Personal claims, rogue employees or unscrupulous competitors become a risk to organizations. In this sense, the study of these new kind of hacker profiles allows companies to anticipate the risks and especially to prepare for them.

The different profiles of cybercriminals

  • Professional Hackers

Hackers are the traditional profiles known to the general public. These are usually individuals who access private data without the owner’s permission, using technology as an attack vector (including exploiting vulnerabilities detected in organizations’ digital systems). Professionals are those whose usual activity is to work in the computer field, but who preferred to put their ethics aside. As opposed to “script kiddies” who are rather juvenile profiles, without experience, but with the minimum technical level to exploit the tools developed and made available by professional hackers.

But not all hackers are bad! Nowadays, you have to make a difference between black hat hackers and white hat hackers. Black hats are individuals who act for malicious purposes, while ethical hackers are individuals who use the same methodology as black hats, but use their skills to improve security. They look for possible flaws within a company and warn companies of possible weaknesses. The ethical hackers also divulge the results of their security research to help fight against cyber attacks and also to help everyone to better protect themselves.

  • Organized hacker groups

The increasing complexity of the digital environment and the increasing security of companies make it difficult to access data. This is why hackers with the same objective often get together to attack one or more targets, combining their skills to be more effective in their actions. Groups can form and specialize in certain types of attacks or modus operandi such as ransomware.

Unlike independent hacker groups, there is another type of professional hacker group: those recruited by states. The latter are part of groups led by governments, often for espionage, destabilization or economic intelligence purposes.

The success of these groups is recognized by numerous cybersecurity studies. According to Verizon Group’s data vulnerability investigations, 55% of attacks were perpetrated by organized groups of cybercriminals in 2020.

  • Existing and departing employees

Contrary to what one might think, the danger does not only come from the outside but also from the inside. While technology makes employees’ jobs easier, it also makes them more vulnerable to attack. The security conditions are rarely the same in telework as in the company. A disgruntled employee who would leave the company sometimes puts himself in a position of mistrust and can potentially use the information and access he may have about the company to retaliate. Three quarters of companies consider that employees intentionally put the organization at risk according to surveys on cyber attacks.

  • Cyber-activists

As their name suggests, these cyber-activists fight and carry out illegal activities to defend their cause or ideology. These causes can be related to any area such as the environment, religion, political views, and much more.

This is the case for the group Anonymous, AnonGhost and the Syrian Electronic Army. The cyber attacks carried out by these groups are mainly aimed at disrupting the activity of the targets but also at expressing a political vision and fighting for human rights. These types of profiles can damage a company’s reputation and cause significant financial losses, making them an attacker profile not to be underestimated.

Why are cybercriminals digitally attacking businesses?

While financial gain remains the main factor in cyberattacks, other causes must also be taken into consideration to better understand the real objectives behind a computer attack.

  • An unintended attack vector

Poor security configurations can pose a significant danger to an organization. Typically, these weaknesses occur when default settings are used as is, without analysis of their impact. Configuration errors can also be the source of vulnerabilities, as a direct consequence of negligence or lack of control of the parameters. What drives hackers to choose and attack certain companies are indeed the flaws detected! Being for many supporters of the least effort, they will tend to go for the simplest. Only continuous monitoring andevaluation of configurations can protect against these weaknesses. The monitoring can be operated by the SOC or internally, or entrusted to a service provider such as Exodata (Discover our SOC as a service – SOC – Security Operation Center).

  • Reputation and experimentation to improve

Cyber attacks often turn out to be a way for hackers to practice and test their hacking skills. They can also represent a challenge and thus motivate them to attack an organization. Indeed, we are seeing more and more sophisticated attacks that require a certain mastery of the subject, a lot of preparation and a certain amount of determination. Pirates are also looking for recognition, so they cultivate their criminal reputation in order to be recognized in the industry. They seek attention through large-scale, high-impact attacks.

  • Geopolitical and state motives

The massive development of online services, especially for public entities, has prompted many governments and countries to digitize their services and thus increase the exposure of their assets. However, hackers have different motivations. Recent years have highlighted a new trend for states to strengthen their intelligence services for economic and strategic purposes. Indeed, these state cyber hackers are trained in pentests and are sufficiently skilled to attempt to break into an information system. Their mission may cover espionage, data theft, disruption of services or any other activity requested by the state. That is why they always operate in the shadows and are considered purely and simply a cyber army, and why they can be engaged in conflicts with other countries. Cyber warfare is the result of many members of the cyber army from different countries fighting on a digital battlefield, using online access and technologies. They thus deploy significant resources to support their geopolitical and state motives and objectives.

  • Financial reason

Money is the main motivation for cyber attacks. In 2020, 86% of computer intrusions were motivated by financial interest according to the Verizon report. The digital world allows access to larger volumes of money and it becomes easier and safer for hackers to hide. Illegal activities online give a sense of security and impunity to malicious actors, due to the anonymity offered by the Internet. In addition, we are seeing the development of a real black market where cybercrime-as-a-service is growing. These markets offer a multitude of illegal digital assets, such as botnets and malware to cybercriminals. These services thus contribute to the improvement of the attack techniques of cybercriminals.

This article was written by: exodata.fr.

To Top