In this third article in our Cyber 101 series, we take a look at some of the underlying dynamics of why bad actors want to hack into your computer.
Cybercrime is big business – and getting bigger every day. In its 2019 report, the FBI’s Internet Crime Complaint Center recorded more than $3.5 billion in losses to individuals and businesses. In that same report, the Center said it had received the highest number of complaints and dollar losses since the Center’s 2000 founding.
But just who is perpetrating these crimes, and where are the attacks coming from? The answer is multi-faceted.
Today’s cybercrimes are rarely an individual endeavor. Sophisticated cybercrime organizations have made it an industry – one estimated to be more profitable than the world’s illegal drug market. These organizations create networks, collaborating to extort an estimated $445 billion to $600 billion worldwide each year.
The major motivator for the individuals who fuel these organizations is money.
In China – which news agencies say is home to the largest number of hackers on earth – the average income is about $8,000 annually. A hacker, meanwhile, can make $1,400 each day.
But while financial gain is an obvious draw, cybercriminals typically share some other characteristics. They’re generally gifted in technical knowledge and share a disregard for the law, a high tolerance for risk and a strong ego or desire to outsmart others. On that last point, they’re typically correct: Most are never caught.
Those who work for cybercrime organizations often have job descriptions remarkably similar to those of a regular company. The organizations are often divided into departments that include product development, technical support, quality assurance and customer service. Cybercrime groups are, like other companies, constantly honing their products to stay ahead of the competition – even recruiting staff and taking steps to bolster their image on the dark web.
“Cybercriminal organizations compete with each other for customers, fight for the best project managers and even look for CEOs to help them stay organized and on the task of stealing your money,” according to CNBC.
Many cybercriminals work a regular Monday-through-Friday schedule, taking weekends and holidays off. Some are even backed in their efforts by their governments, often using current issues as leverage. In April 2020, for example, according to The Hill: “Google reported it had tracked at least a dozen foreign government-backed groups attempting to use information around the COVID-19 pandemic to target cyberattacks at the health care sector and the public.”
The groups used COVID-19 themes as lures for phishing and malware attempts, hoping targets would click malicious links and download files.
China is home to most cyber criminals
An astonishing 41 percent of the world’s hacking traffic hails from China, the majority dedicated to attacking the networks of the U.S. and its allies.
The United States comes in second, and Turkey ranks No. 3. While fourth-place Russia claims just over 4 percent of global hacking traffic, its hackers are highly sophisticated, attacking the world’s most secure networks.
All this means the individual computer user is up against a wealth of criminal technical knowledge. And while many of these groups target businesses specifically, they pursue individuals as well.
“There are sophisticated cybercriminal gangs that are attempting to steal money and information from the average person online,” said Viasat cybersecurity engineer Jessica O’Bryan. “A lot of their activity is automated; it’s not one hacker going after one person.”
Jonathan Wyatt, also a Viasat cybersecurity engineer, agreed.
“It’s just a business; it’s definitely not personal,” he said. “Targeting a single person isn’t as lucrative as casting a wide net and making it as generic as possible. If you send messages to tens of thousands of people, you’ll get one or two hits. And that’ll be enough.”
While cybercriminals are getting more sophisticated and their methods increasingly complex, the tools to combat them remain simple. Most are anchored in common sense.
Because phishing – attempting to get someone to click on a malicious link in an email – is a tried-and-true method, always approach emails from unfamiliar sources with a mental red flag. And even if you receive an email that appears to come from a company you do business with, don’t click on any links or attachments. Check the sender’s email address to verify the message came from them, or go to their website and conduct any needed business there.
A legitimate website address should start with “https” and not “http.” The latter is a signal the site may be corrupted. Bogus websites and links may also have spelling errors and unfamiliar fonts, layouts or colors.
See our most recent article in this series for more tips on how to avoid becoming the victim of a cybercriminal.