Site icon Panda Security Mediacenter

Inside the mind of a cybercriminal: what is he looking for and why has he chosen your business?

hacker

One of the first steps to ensure that your private information isn’t accessible is to understand the reasons that drive hackers and cybercriminals to do what they do – what are their motives? Politics? Money? Fame? Or is it merely the thrill of getting away with it? What influences their actions and their possible responses?

What motivates a hacker?

Given the importance of having answers to these questions, the cybersecurity firm Thycotic carried out a survey of 127 hackers at the Black Hat USA conference in 2014.

51% of those questioned stated that their main motivation was the “search for emotions”, while only 18% said that they were driven by money. According to the report, this indicates that “modern hackers are curious, they are bored and want to test out their abilities”.

To get a better understanding of this information, we need to put it into context: only some of those responsible for cyberattacks make up what is known as hackers, while the rest of them are simple cybercriminals who are looking for an easy way to make money with their attacks.

A large majority of those (86%, to be exact) were also convinced that they wouldn’t have to face the consequences of their cyberattacks, which also lead them to continue doing what they do. The theory of the study is as follows: “The number of attacks carried out is far higher than the level of monitoring on the systems. Today’s hackers are more adaptable than ever and this allows for multiple attacks on multiple systems, increasing the levels of success without increasing the risk”.

Three reasons to target your business

  1. It’s a personal goal – they carry out these attacks as a personal challenge, something to show off to other hackers or merely to prove themselves a point. This doesn’t mean that there isn’t an element of danger to the attacks that it provokes.
  2. It’s done for personal gain – as we’ve already mentioned, many cyberattacks (the majority of the most important ones) are done with the aim of identity or economic theft.
  3. It’s a form of vandalism – sometimes it’s just done so as to wreak chaos (making IT systems crash, etc.), while other times there is a political element to the attack (“hacktivism”), such as the case of the groups that work under the name of Anonymous.

How do they choose victims?

In the case of stealing information, 40% of the hackers stated that their main objective was to find the “weak link in the chain” of the business – the contractor. This person may not always have access to the company’s network but the hackers like that they aren’t subject to all of the company’s security policies, which makes them a valuable target.

A further 30% revealed that their main target was the IT administrator; someone with direct access to servers and systems where lots of confidential information is stored, such as that pertaining to clients or customers. This means that once the attacker has obtained control of the access codes, he can easily and quickly take control of the system.

How to protect yourself from an attack

Many hackers and cybercriminals on have to overcome traditional antivirus systems when they are carrying out their attacks – systems of protection that haven’t been able to adapt to the constant evolution of cyberattacks.

Due to this, Panda has come up with Adaptive Defense 360, a security solution that is capable of blocking applications based on real time analysis of their behavior, which allows us to close the “window of opportunity” on malware.

Exit mobile version