Many people will unfortunately only search for the meaning or definition of the word hacked once their machine or device has already been compromised by a malicious actor in their efforts to understand what has happened and how they can remedy the situation.
While the violation of personal privacy is fairly easy to understand, with many explanations drawing a likeness between being hacked to the physical act of a robbery, it is sadly somewhat more complicated, varied and less predictable than that.
Hackers operate in a multitude of ways and use a wide array of approaches, a side-effect of both the evolution of technology, as well as their adaptation to cybersecurity measures and the modernisation of relevant legal frameworks.
In the below article, we will examine the different ways in which hackers can approach their attacks, as well as their motivations for doing so, since not all malicious entities perform their actions for the exact same reason, despite common misperceptions of the opposite being the reality.
Although the motivations for hackers have become more diversified over the years, especially as hacking techniques have grown in number, scale and complexity, financial gain is still the most popular root cause for a breach. This applies both in terms of explicit profiteering, such as gaining direct access to funds, and indirect profiteering, such as gaining access to data that will ultimately benefit the hacker.
According to a data breach report by American multinational telecommunications company Verizon, financially motivated cyber attacks remain the most common reason for an external actor to attempt a breach, with the percentage actually rising above the 75 per cent mark it had fallen to in 2016.
In addition, this has also been the case with state-sponsored actors, where financial motives have also seen an increase.
“However, since 2015 it is relatively common for State-sponsored actors to also crave that cold hard cash as the financial motives for those actors have fluctuated between 6 per cent and 16 per cent of recorded breaches,” the report stated.
“Given this result, it should come as no surprise to find that the two most common cybercrime terms found on criminal forums are bank account and credit card related,” the report added.
The illicit extraction of personal information is linked to using hacking as a means for financial gain, but the two motivations for hacking are not one and the same.
A victim’s personal information can be extremely valuable to a malicious actor, as it can then be used in a variety of different ways.
Personal information can be sold to other criminals, whether they find themselves in the cybercrime space or outside of it.
It has been well-documented that extracted datasets containing private information have been advertised and subsequently sold on the dark web.
According to the Dark Web Price Index 2020, a single person’s credit card details can be sold for anything between $10 and $65 dollars, depending on what kind of information is being sold, as well as what type of account the user has.
Meanwhile, stolen PayPal account details can range between $155.94 and $320.39 per user, showing that online financial services are easier to milk monetarily, thus making them more valuable to malicious actors.
However, as mentioned above, stolen private information can be utilised in other ways, as personally identifiable information can be used to steal someone’s identity to execute fraud, gain access to data and accounts that the hacker has not previously breached, scam family members or other associates, open accounts in a number of businesses or public utilities in your name, as well as a number of other activities.
In certain instances, a malicious actor may target you in order to then subsequently attack someone else within your personal or organisational network. For example, you may work at a credit card processing firm or insurance company, where a treasure trove of valuable information is being stored.
A hacker may infect your device with malware that is not quickly identifiable as a malicious piece of software, but it instead attaches itself to emails, other files or manages to course through your personal network to infect other devices higher up the privilege chain.
In such cases, your own device, along with your personal profile and inherent level of trust and credibility, become unwitting carriers of parasitic malware, spreading dangerous software without your knowledge or consent and thus increasing the likelihood of a serious data breach.
“Parasitic Viruses appeared early in malware evolutionary history and then became quite rare,” CyberHoot’s Ty Mezquita wrote.
“However, they are making a comeback as security researchers have recently identified new parasitic viruses,” he added.
Hacking used for exploitation
The serious and ever-evolving threat of malware has been well-documented, documenting the vast number of cyber attacks in Europe, the United States and elsewhere in the world where such attacks have taken place.
Malware is designed to infect your device or network and affect its performance in some way, either by disabling or otherwise disrupting some or all functions, often holding it hostage until a monetary ransom is paid to the malicious entity behind it.
In fact, most company’s surveyed in the United States who suffered from a ransomware attack eventually paid the ransom amount demanded from them, with 62 per cent of US-based chief financial officers saying during the second quarter of 2021 that they had no other viable choice other than to meet the hackers’ demands.
“I’ve been in board meetings before where CEOs were literally in tears, crying because a 100-year-old family business is completely shut down,” former NSA hacker turned founder and CEO of security firm TrustedSec David Kennedy said during an interview with US television channel CNBC.
Moreover, according to the aforementioned Verizon breach analysis report, malware is the most commonly used hacking technique in the middle and final phase of an attack.
Based on the data available in the report, while traditional hacking makes up for the majority of the initial attack method during a data breach, malware makes up for the lion’s share of infection techniques used after the first vector attack, as well as during the final stage of the breach.
Accessing your audiovisual hardware
In one of the most extreme examples of intrusion and disruption to your privacy, hackers have for some time been able to gain unauthorised access to either your web camera, often referred to as ‘camfecting’, your microphone, or in some cases both of these devices.
By doing so, the malicious actor can record video or audio of either yourself and your surroundings for a number of purposes, including espionage, information gathering or to accumulate compromising or otherwise private material in order to extort you.
“What is alarming is that it also gives them remote access to your computer, including peripherals such as your webcam – meaning they can essentially watch whatever is on the other side of the lens,” UNSW cybersecurity expert Salil Kanhere said about camfecting attacks.
“It’s a complete intrusion on our privacy and it’s not just limited to your computer, this can happen on your phone, tablet as well as other networked devices in your home like security cameras,” he added.
As recently as January of 2022, a software engineer in the United Kingdom was sentenced to 26 months in prison for using victims’ web cameras to record unauthorised footage of them at their homes.
“The Crown’s case is the defendant showed absolutely no boundaries whatsoever during these offences; hacking and stealing data from various victims,” Nottingham Crown Court prosecutor Rebecca Coleman said.
DDoS attacks and crypto mining: your device as a zombie
While it may seem somewhat absurd to use that word to describe the situation, it is indeed quite accurate to do so.
In the context of hacking and cybersecurity, a zombie computer results after it has been tampered with or otherwise compromised by a malicious actor with the ultimate objective of using your machine to execute a resource-intensive task.
One notably common example of how a zombie computer can be used is the coordination and execution of Distributed Denial of Service (DDoS) attacks.
DDoS attacks use networks of bots, as well as any infected and secretly controlled devices, to repeatedly visit a website or make requests from an online service in order to overwhelm its server(s) and ultimately cripple it.
Zombie devices have also been used to send spam emails and other unsolicited content, allowing criminals to avoid detection by using your enslaved device as a legitimate front for their distribution of potentially dangerous material.
“This type of spam is also used for spreading Trojans, as this type of malware is not self-replicating but relies on circulation via email in order to spread, unlike worms that spread via other means,” Spanish cybersecurity software company Panda Security wrote.
“For similar reasons, zombies are also used for fraud against sites with pay-per-click contextual ads, artificially increasing the number of hits,” the company added.
Another example of how your device can become infected and be made to perform an unauthorised activity involves cryptocurrency mining.
In 2013, antivirus software company Kaspersky Lab reported a new Trojan virus that forces affected devices to perform Bitcoin mining so that the malicious party responsible can profit by the earning of digital currency.
“With the Trojan, hackers are forcing others’ machines to earn them money, and it can really put a strain on these machines,” Wired magazine wrote at the time.
“Victims might notice that their CPU usage shoots sky high,” the magazine added, showing how the zombie machine can be severely impacted by the infection.
How Boltonshield can help
Despite the major threat posed by the above hacking techniques and root causes for data breach attempts, there are ways for your organisation to stay safe and fend off all of the different types of hacking methods.
Boltonshield can weed out any vulnerabilities from your network and organisational setup with regular penetration testing.
Penetration testing essentially simulates an attack, conducted by a trusted party with expert knowledge, in order to identify weaknesses in your cybersecurity setup.
This includes poorly configured devices, computers, software and network connections, out-of-date security patches and firmware editions, as well as issues pertaining to device or platform privileges that can expose you to human-related security risks.
Considering the fact that the information technology industry, and consequently the cybersecurity space and the threat landscape that it encompasses, continuously and rapidly evolves and changes, it is critical that penetration testing is conducted at regular intervals to prevent emerging threats from outflanking your defensive setup.
In addition, penetration tests are also critically important because they can facilitate the creation of a structured response to an attack. Penetration testing equips organisational personnel with the knowledge of how to react and handle an attempted breach by a malicious actor.
Moreover, such a test can not only assist in preventing or identifying malicious actors but can also assist in removing them from the system altogether in the most effective way possible.
One key way in which a penetration test can assist the organisation is that by identifying the ways in which the attacker managed to successfully breach the system, the system administrator, developers or any other stakeholders involved with cybersecurity protocols, are all aware of what kind of mistakes, practices and decisions can pose a risk down the line and avoid repeating them altogether.
Regular penetration testing conducted by knowledgeable and trusted experts such as Boltonshield is particularly important if your organisation has undergone significant structural changes over the past few years.
This includes relocating to new premises, which implies having to also relocate and re-install technology infrastructure and devices, the purchase and installation of new devices, hardware or software suites, the installation of new security updates to critical pieces of hardware, as well as the implementation of changes to user policies and privileges.
In addition, Boltonshield can provide your company with a wide range of security services and solutions through our Defensive Security Team securing any attacking surface of your technological infrastructure.
Through our Security Operations Center and our integrated security solutions we are able to detect, analyze, and respond to cybersecurity incidents on all endpoints and networks, identifying threats that can even go under the radar evading standard security solutions.
Machine learning technology enables us to detect emerging threats, in real time, mapped in a way that provides total network visibility. This boosts our ability to quickly diagnose potential issues and act accordingly.
You can get in touch with us to find out exactly how Boltonshield can help you by clicking here.
If you want to get updated about our recent publications about cybersecurity related topics, subscribe to our newsletter!