I’ve been talking to hackers to get into their mindset so I can work out how best we can help businesses protect their end users and sensitive data.
And the first thing that comes out is that, generally, a cyberattack is nothing personal; you’re not being specifically targeted.
Most phishing, ransomware or vulnerability scanning attacks out there are widespread sprays, hoping for a pay-out. It’s a numbers game; test the defences of enough organisations and you’ll find one that will let you in.
It’s like walking down your main shopping precinct and having a flyer thrust into your hand — you’re a target, but you’re not being specifically targeted.
Most people will bin the flyer without reading, but a few will read and act upon the info, bringing in enough return to make the whole flyer operation profitable.
So, if it’s rarely personal, why do hackers attack? What’s in it for them? By understanding the level of investment they’re willing to make and the danger they’re willing to risk, we have a better chance of disrupting their operating model or putting a stop to it altogether.
The five core ‘wants’ of cyber attackers
My research unearthed five main elements attackers are looking for. Once you understand them, you have the basis for a robust defence strategy. You can filter an attacker’s wants into the following:
They want to use your networks and IT for targeted attacks against others or as part of their DDoS (distributed denial-of-service) attack infrastructure.
This can take many forms, from mining bitcoin through to extortion or manipulating your stock price. A whaling attack could trigger fraudulent money transfers, or they could steal funds through capturing credit card and banking details.
Attackers can monetise your data through extortion with or without ransomware, either threatening to delete or leak your data. They can also obtain funds by stealing your intellectual property.
They might need somewhere to store something illegal and / or non-attributable on your systems. Think pirate software and illegal images.
Although your identity may well only…