The goal of 80% of human endeavor is to make money, with the other 20% dedicated to finding fascinating ways to spend it. These are figures I made up, but when I said it in the Bulletproof office, everyone nodded, implying it either speak the truth or that everyone is doing their hardest to ignore me once more. With this in mind, it’s reasonable to assume that people are less likely to put forth significant effort unless they know they’ll be rewarded monetarily. Hacking is included in this.
While some hack for fun, most malicious hacking is done for financial benefit, which is expected, someone having a particular set of cyber talents can make money in various ways. The ethical path is to train as a penetration tester, leading to a long, successful, and fulfilling profession. Those that embrace the dark side, on the other hand, can become hackers, and there are numerous methods for a hacker to profit from their actions.
Hackers can steal your credit card information.
To begin with, cyber fraudsters can swipe your credit card, or rather your credit card information. Several card-skimming incidents have occurred in recent years. Over 300,000 British Airways customers had their credit card information stolen by hackers in one high-profile attack, culminating in a hefty £180 million fine (thanks, GDPR)! Magecart, a malicious JavaScript line, was the main perpetrator. If this script is integrated into payment sites, hackers will steal credit card information as it is input and submitted. There was no want to go through the trouble of hacking databases.
Like Ticketmaster and the BA above, big names have been targeted by Magecart, dubbed “the biggest danger to e-commerce in 2020.” While it could be argued that following compliance packages like PCI DSS would prevent such attacks, recent experiences show that this is not always the case.
On the dark web, data is sold.
Compromising a private corporate database is a brutal attack, as any good penetration tester can tell you, so why do hackers try it? For the hundreds of millions of documents that contain personal information, that is. Even though this information might be used to perpetrate identity theft, individuals who obtain it prefer to sell it on the dark web.
The dark web may sound like something out of a cheap fantasy novel, yet it is home to a slew of illegal activities. Personal information (especially email addresses) stolen from hacked databases can be sold. Personal information is valuable since it can be exploited to commit identity theft by those in the know. The easyJet hack in 2020 was particularly noteworthy, as hackers gained access to the personal information of nearly 9,000,000 people.
Furthermore, email addresses can be sold to enable fraudsters to conduct phishing campaigns, resulting in identity theft or the transmission of malware for other revenue sources, such as whaling (more on that later). The virus in question may be adware, crypto mining software, or even ransomware.
Keep in mind the classic.
You may recognize ransomware from its sold-out 2017 tour (you may recall WannaCry, which paralyzed the NHS), and it hasn’t gone away. According to Sophos’ research, ransomware operations have only decreased by 3% from 2017 to 2020, and 51% of businesses have been struck by malware. As a result, it’s a good way for hackers to make money. Our 2019 annual cybersecurity report mentioned this famous cyber villain, and we’ll repeat it in our 2020 report. It is, in theory, the simplest way to monetize a hack. Hackers can encrypt critical files and demand a significant price (typically in Bitcoin) to unencrypt them using sophisticated phishing tactics or simply by dropping malware once access to a network has been gained.
If that wasn’t awful enough, several businesses discovered that even after paying the ransom (which you should never do), they didn’t receive their files back. These days, you can’t trust hackers. Ransomware is becoming more sophisticated, which is concerning. Some strains purposefully reduce their encryption and spread rates to stay below detection thresholds and remain undiscovered for longer. Some have even advanced so far as to directly encrypt the Master Boot Record on the hard drive, eliminating the need to waste time traveling from file to file.
Let’s mine some Monero.
Cryptojacking became more popular on the cyber scene in 2019 than the ransomware trend in 2017, as we noted in the Bulletproof annual cyber report. Bitcoin became a thing for reasons I still don’t understand, setting a precedent that led to a rise in digital “currency.” The majority of these are gained by ‘mining’ for them with CPU or, more recently, GPU power. As previously said, Bitcoin is the most popular currency, but mining it is becoming increasingly complex and thus less profitable. Monero appears to be the most popular cryptocurrency among hackers.
When you mine Monero (MXR), you’re part of a larger mining pool that leverages your resources to keep a public ledger of transactions. You will receive a tiny amount of MXR for each transaction that is logged. All of this may appear to be gibberish, and it is, but this is the reality we currently live in.
Botnets available for hire
Botnets, which are made up of infected devices that create a network, are growing in size. This is due partly to the recent growth of IoT devices, particularly low-cost models with a haphazard commitment to security (if they took any approach at all). If a computer, server, or Internet-of-Things device is added to a botnet, you’re unlikely to discover it because the virus utilized won’t cause any apparent disturbances. Hacking organizations are constantly competing to build the largest botnet because size does matter in this case.
These botnets can then be deployed to launch DDoS assaults against specific targets. This occurs when a site or service is inundated with many requests that the server can’t keep up, leading it to crash and take the service down. Consider a pub where there is only one bartender and thousands of patrons yelling orders. The poor bartender will eventually cry on the floor, and no one will obtain a drink.