Hackers, as well as the malware they create and use, have shown rapid growth over the past couple of decades. When computers were big, colorful boxes, modern hackers were just learning how to walk, and their pranks were not serious - perhaps they would have created a bit of stupid malware that would only show what they thought were funny messages. Since computers have already created their own branch of the economy, hackers have also turned from funny nerds into a daring army of serious criminals, writes the CSO publication.
Computers are no longer something new, and hackers are no longer idle. Gone are the outcasts who entertain themselves with hacks "for fun", energy drinks and junk food. Modern hackers are experienced professionals with a serious job. They are well paid, have human resources teams, and can even take vacations.
What are these jobs? A hacker's profile is as diverse as ways to make money or gain power, but roughly speaking, they fall into these 11 main types of cyber intruders.
1. Bank robbers
Once upon a time there were bank robbers and so-called highwaymen who rode horses and fired guns when they stole money from banks, travelers, merchants, and anyone else who was an easy bait. Today's financial hackers use ransomware and fake accounts, dating fraud, fake checks, fake escrow intermediaries, denial-of-service attacks, and any other fraud or hacking that will help them steal money from individuals, companies, and banks. Greed: This story is as old as humanity.
2. Nation States
Today, the most advanced countries employ thousands - if not tens of thousands-of skilled hackers. Their job? Sneak behind enemy lines into the military and industrial networks of other countries to withdraw assets and establish loopholes for intruders. Thus, when military operations begin, the cyberwar machine will be ready.
Stuxnet, which shot down hundreds of Iranian centrifuges, is an example of cyberwarfare. Equally infamous is North Korea's hacking of the Sony Pictures website in 2014 in retaliation for a film Pyongyang deemed offensive. They're just big stories. Hacking by nation states is happening all the time, mostly unnoticed, and this trend is not going anywhere. The attacking country will certainly do nothing to prevent this or punish the hackers, because they are soldiers doing their job to achieve the goals of their state.
3. Corporate espionage
For many hackers, a day in the office means stealing corporate intellectual property in order to resell it for personal gain or to achieve the goals of the state that employs them. A common type of corporate espionage is the theft of secret patents, future business plans, financial data, contracts, health data, and even notes about legal disputes. Anything that gives competitors an advantage over a hacked organization is of great interest. From time to time, corporate espionage is revealed when a competitor who has been offered illegal information reports it to the affected company and/or the authorities.
4. Professional hacker group for hire
This is a relatively recent phenomenon, with a group of experienced hackers developing, buying, or stealing powerful malware and offering Advanced Persistent Threat Protection (APT) services targeting their skills and tools for a fee. The goal can be financial gain, disruption of a competitor's work, or theft of valuable data, as well as intellectual property. Their clients may be nation states, companies interested in corporate espionage, or other criminal groups seeking to resell what hackers steal.
One group of mercenaries, known as Deathstalker, targets organizations that operate in the financial sector, including law firms, wealth consulting firms, and financial technology companies. They are known to be active in Asia, Europe, and South America. The group uses PowerShell-based malware called Powersing, which is delivered through targeted phishing campaigns. This malware can collect information such as login credentials and execute other malicious PowerShell scripts.
5. The rogue player
You can consider the gaming habits of teenagers as nothing more than an obstacle to getting good grades. However, for millions of people, gaming is serious business. This has created an industry worth billions of dollars. Some gamers spend thousands of dollars on the latest high-performance hardware. Every year, they spend hundreds, if not thousands of hours playing games. Isn't it surprising, then, that the gaming industry has its own specialized hackers? They steal their competitors ' caches or trigger anti-competitive distributed denial-of-service (DDoS) attacks.
6. Cryptojackers: Resource Vampires
Exploiting other people's computing power is a ploy that hackers have been using since computers first started appearing on the desktops of the mass user. Previously, hackers used other people's hard drives to store large files, such as videos. For years, SETI has hired volunteers to install a screen saver that harnessed the processor power of many people to help in the search for alien life.
The biggest reason hackers steal computer resources today is the desire to" mine " cryptocurrency. Illegal cryptominers, known as "cryptojackers," spread malware - either directly exploiting browser visitors or infecting the websites they visit, which then mine cryptocurrency for them. This steals resources such as electricity and computer processing power from the victims. Cryptojackers often can't pay for these resources and make a profit from mining cryptocurrency, so they steal it. Many employees of companies around the world were fired for distributing unauthorized miners on the company's computers.
7. Hacktivists
Hacktivists use hacking to make a political statement or promote social change. They either want to steal unpleasant information from the victim company, cause operational problems for the company, cause damage that will cost the victim company money, or draw attention to the hacktivist case. The Anonymous collective is one of the most well-known hacker groups. They are the authors of one of the most famous hacktivist attacks: using an operation called Darknet, they not only identified and disclosed several sites with child porn, but also called names, revealing their participants.
However, many of the well-meaning and law-abiding people get carried away with hacktivist goals and crimes and end up being arrested. Despite their good intentions, they can be prosecuted for the same crimes as hackers with less noble motives. If you tie yourself to a tree or a submarine, you'll probably get a suspended sentence. Hack something? You will most likely end up in jail.
8. Botnet Masters
Many malware developers create bots that they send out into the world to infect as many computers as possible. The goal is to form large armies of botnets that will obey the evil one. Once your computer becomes their minion, it waits for instructions from its master. These instructions usually come from the Command and Control (C&C) servers. A botnet can be used directly by its creator, but more often than not, the botnet rents it out to the customer.
These days, botnets are very popular, consisting of the Mirai bot, which attacks routers, cameras, and other IoT devices. The Mirai botnet was used to create one of the largest DDoS attacks on the DNS provider Dyn in history. It generated 1.2 TB / s of malicious traffic. The Mirai bot searches for unpatched devices and devices that haven't changed their default credentials (IoT devices are often easy targets), and installs itself easily. According to some experts, a fifth of the world's computers were part of the botnet army.
9. Ad spammer
You're lucky if your company was only hacked by spam malware or your browser was only hacked by an advertising program that tries to sell you something. The adware redirects your browser to a site that you didn't intend to go to. You may have searched for " cats "and the ad program sent you to"camping gear" instead.
Many legitimate businesses are surprised to learn that their own online marketing campaigns use spam and adware. Sometimes legitimate companies, such as Cingular, Travelocity, and Priceline, intentionally attract adware vendors and as a result are forced to pay legal fees.
Spam and adware may not seem like a serious threat, but it can be a sign of a serious leak in the system. These tools find their way through unpatched software, social engineering, and other tools that are the same techniques used to infiltrate more serious threats, such as Trojans, backdoors, and ransomware.
10. Gambling hackers
Most hackers work for financial reasons or are trying to achieve political goals, or they have an attacker working on them. But there remains a class of hackers who do this for the sake of excitement. They may want to show themselves and possibly the online community what they can do. There are not as many of them as there once were, because hacking - whatever the motive-violates the laws, and there is a real possibility of prosecution.
Today's gambling hacker is most interested in hacking hardware. The advent of universal hardware hacking kits with chips, circuitry, and jumpers (such as Raspberry Pi kits) has steadily increased public interest in hacking hardware as a sport. There are even hardware hacking sites created for children.
11. A random hacker
Finally, some hackers look more like tourists than serious scoundrels. They may have some technical capabilities, but they never intentionally intended to hack anything. Then one day they come across a website with a glaring code error. Fascinated by the puzzle it presents, they start playing hacking. To their own surprise, they discover that it was as easy as it seemed.
The story is full of people who stumbled across, for example, a website that used easy-to-guess numbers in the URL to identify customers. It can sometimes be difficult for random hackers to report their findings to a company without harming themselves. A random hacker can discover that they have committed an illegal crime just by solving the puzzle. Most security professionals fighting serious hackers believe that innocent hackers should not be prosecuted if they report vulnerabilities to a compromised company.
Author: Roger A. Grimes
Computers are no longer something new, and hackers are no longer idle. Gone are the outcasts who entertain themselves with hacks "for fun", energy drinks and junk food. Modern hackers are experienced professionals with a serious job. They are well paid, have human resources teams, and can even take vacations.
What are these jobs? A hacker's profile is as diverse as ways to make money or gain power, but roughly speaking, they fall into these 11 main types of cyber intruders.
1. Bank robbers
Once upon a time there were bank robbers and so-called highwaymen who rode horses and fired guns when they stole money from banks, travelers, merchants, and anyone else who was an easy bait. Today's financial hackers use ransomware and fake accounts, dating fraud, fake checks, fake escrow intermediaries, denial-of-service attacks, and any other fraud or hacking that will help them steal money from individuals, companies, and banks. Greed: This story is as old as humanity.
2. Nation States
Today, the most advanced countries employ thousands - if not tens of thousands-of skilled hackers. Their job? Sneak behind enemy lines into the military and industrial networks of other countries to withdraw assets and establish loopholes for intruders. Thus, when military operations begin, the cyberwar machine will be ready.
Stuxnet, which shot down hundreds of Iranian centrifuges, is an example of cyberwarfare. Equally infamous is North Korea's hacking of the Sony Pictures website in 2014 in retaliation for a film Pyongyang deemed offensive. They're just big stories. Hacking by nation states is happening all the time, mostly unnoticed, and this trend is not going anywhere. The attacking country will certainly do nothing to prevent this or punish the hackers, because they are soldiers doing their job to achieve the goals of their state.
3. Corporate espionage
For many hackers, a day in the office means stealing corporate intellectual property in order to resell it for personal gain or to achieve the goals of the state that employs them. A common type of corporate espionage is the theft of secret patents, future business plans, financial data, contracts, health data, and even notes about legal disputes. Anything that gives competitors an advantage over a hacked organization is of great interest. From time to time, corporate espionage is revealed when a competitor who has been offered illegal information reports it to the affected company and/or the authorities.
4. Professional hacker group for hire
This is a relatively recent phenomenon, with a group of experienced hackers developing, buying, or stealing powerful malware and offering Advanced Persistent Threat Protection (APT) services targeting their skills and tools for a fee. The goal can be financial gain, disruption of a competitor's work, or theft of valuable data, as well as intellectual property. Their clients may be nation states, companies interested in corporate espionage, or other criminal groups seeking to resell what hackers steal.
One group of mercenaries, known as Deathstalker, targets organizations that operate in the financial sector, including law firms, wealth consulting firms, and financial technology companies. They are known to be active in Asia, Europe, and South America. The group uses PowerShell-based malware called Powersing, which is delivered through targeted phishing campaigns. This malware can collect information such as login credentials and execute other malicious PowerShell scripts.
5. The rogue player
You can consider the gaming habits of teenagers as nothing more than an obstacle to getting good grades. However, for millions of people, gaming is serious business. This has created an industry worth billions of dollars. Some gamers spend thousands of dollars on the latest high-performance hardware. Every year, they spend hundreds, if not thousands of hours playing games. Isn't it surprising, then, that the gaming industry has its own specialized hackers? They steal their competitors ' caches or trigger anti-competitive distributed denial-of-service (DDoS) attacks.
6. Cryptojackers: Resource Vampires
Exploiting other people's computing power is a ploy that hackers have been using since computers first started appearing on the desktops of the mass user. Previously, hackers used other people's hard drives to store large files, such as videos. For years, SETI has hired volunteers to install a screen saver that harnessed the processor power of many people to help in the search for alien life.
The biggest reason hackers steal computer resources today is the desire to" mine " cryptocurrency. Illegal cryptominers, known as "cryptojackers," spread malware - either directly exploiting browser visitors or infecting the websites they visit, which then mine cryptocurrency for them. This steals resources such as electricity and computer processing power from the victims. Cryptojackers often can't pay for these resources and make a profit from mining cryptocurrency, so they steal it. Many employees of companies around the world were fired for distributing unauthorized miners on the company's computers.
7. Hacktivists
Hacktivists use hacking to make a political statement or promote social change. They either want to steal unpleasant information from the victim company, cause operational problems for the company, cause damage that will cost the victim company money, or draw attention to the hacktivist case. The Anonymous collective is one of the most well-known hacker groups. They are the authors of one of the most famous hacktivist attacks: using an operation called Darknet, they not only identified and disclosed several sites with child porn, but also called names, revealing their participants.
However, many of the well-meaning and law-abiding people get carried away with hacktivist goals and crimes and end up being arrested. Despite their good intentions, they can be prosecuted for the same crimes as hackers with less noble motives. If you tie yourself to a tree or a submarine, you'll probably get a suspended sentence. Hack something? You will most likely end up in jail.
8. Botnet Masters
Many malware developers create bots that they send out into the world to infect as many computers as possible. The goal is to form large armies of botnets that will obey the evil one. Once your computer becomes their minion, it waits for instructions from its master. These instructions usually come from the Command and Control (C&C) servers. A botnet can be used directly by its creator, but more often than not, the botnet rents it out to the customer.
These days, botnets are very popular, consisting of the Mirai bot, which attacks routers, cameras, and other IoT devices. The Mirai botnet was used to create one of the largest DDoS attacks on the DNS provider Dyn in history. It generated 1.2 TB / s of malicious traffic. The Mirai bot searches for unpatched devices and devices that haven't changed their default credentials (IoT devices are often easy targets), and installs itself easily. According to some experts, a fifth of the world's computers were part of the botnet army.
9. Ad spammer
You're lucky if your company was only hacked by spam malware or your browser was only hacked by an advertising program that tries to sell you something. The adware redirects your browser to a site that you didn't intend to go to. You may have searched for " cats "and the ad program sent you to"camping gear" instead.
Many legitimate businesses are surprised to learn that their own online marketing campaigns use spam and adware. Sometimes legitimate companies, such as Cingular, Travelocity, and Priceline, intentionally attract adware vendors and as a result are forced to pay legal fees.
Spam and adware may not seem like a serious threat, but it can be a sign of a serious leak in the system. These tools find their way through unpatched software, social engineering, and other tools that are the same techniques used to infiltrate more serious threats, such as Trojans, backdoors, and ransomware.
10. Gambling hackers
Most hackers work for financial reasons or are trying to achieve political goals, or they have an attacker working on them. But there remains a class of hackers who do this for the sake of excitement. They may want to show themselves and possibly the online community what they can do. There are not as many of them as there once were, because hacking - whatever the motive-violates the laws, and there is a real possibility of prosecution.
Today's gambling hacker is most interested in hacking hardware. The advent of universal hardware hacking kits with chips, circuitry, and jumpers (such as Raspberry Pi kits) has steadily increased public interest in hacking hardware as a sport. There are even hardware hacking sites created for children.
11. A random hacker
Finally, some hackers look more like tourists than serious scoundrels. They may have some technical capabilities, but they never intentionally intended to hack anything. Then one day they come across a website with a glaring code error. Fascinated by the puzzle it presents, they start playing hacking. To their own surprise, they discover that it was as easy as it seemed.
The story is full of people who stumbled across, for example, a website that used easy-to-guess numbers in the URL to identify customers. It can sometimes be difficult for random hackers to report their findings to a company without harming themselves. A random hacker can discover that they have committed an illegal crime just by solving the puzzle. Most security professionals fighting serious hackers believe that innocent hackers should not be prosecuted if they report vulnerabilities to a compromised company.
Author: Roger A. Grimes
