A recent whitepaper authored by Hewlett Packard Enterprise exposed several innovations involved in the hacking business and Information Technology services people were quite surprised with how profitable it is.
Tech companies and Information Technology Services personnel need to innovate in order to have an edge over their competition, and so do hackers who have a huge marketplace that are trying to profit from legitimate enterprises. Understanding how they work and disrupting their value-chain can help reduce our risks of being hacked.
Information Technology services people categorized hackers into 5 kinds of personas according to their motivations:
- Nation or State backed – are motivated by their military duty or patriotism. They are specially trained and have access to more tools. They mostly focus attacks on high-value targets
- Hacktivists – are motivated by their ideologies and want to get revenge from people or businesses who do not align with their beliefs. They are so called script kiddies who are easily influenced by a sense of belonging.
- Cyber criminals – are in it for the money. They are masterminds, fixers, programmers, evasion specialists whose primary objective is to gain profits.
- Ego-driven attackers – are motivated by recognition and becoming famous. They gamify, taunt, hack, and troll their targets and can be highly sophisticated at times.
- Professional and hobby hackers – are motivated by the love of hacking itself. They can also be sophisticated and they would rather stay anonymous.
The HPE whitepaper also identified the major risks that for benefit hackers currently target so that Information Technology services people would know where to buff up their defences:
- Ad Fraud – these hackers deliberately aim to serve advertisements that have no potential or benefit to users or viewers. These attackers set up ad pages and use bots to visit these ad sites to generate fake site traffic. The advertising network would be able to generate reports that the ad pages were viewed so they would get paid. Your Information Technology services provider can help set permissions and block such adverts.
- Credit Card Fraud – these hackers are quite the attention-grabbers who are often on news headlines. Their process includes skimming payment information and PINs from automated teller machines (ATM) and point-of-sale (POS) systems. They also steal similar information from back-end systems. They profit by selling the bank and credit card information or by making fraudulent purchases both online and offline. The buy products that are usually easy to sell or trade as “online underground currency.” Your Information Technology services team can help monitor and thwart such attacks to keep your personal and company payment information secure.
- Payment system fraud or Bitcoin mining – these are relatively new comers to the hacking scene. These people steal from payment systems like Apple Pay, Bitcoin, Paypal and the likes and they launder the money after they steal it. Information Technology services group can help block fake payment system sites so you would not be fooled into entering your payment information.
- Bank Fraud – these cyber criminals hack into online banking systems and do money transfers from a valid account onto another account. They make money via wire or bank transfers or by selling the bank network systems and vulnerability information. These hackers usually congregate in certain regions of the world where they can elude investigations and litigation.
- Identity theft – hackers make money by selling personal individual information including social security numbers, addresses, and credit information. The stolen personal information can be used to create identities or lines of credit to be used in other fraudulent businesses phils directory mentioned above. Again, a competent Information Technology services team would be able to detect any changes in your systems or any intrusion attempts so payment fraud and bank fraud can be avoided but you would also need to be careful with discarding paper bills and bank mails since they contain information that can be used in identity theft.
- Credential harvesting – involves theft of usernames and passwords using phishing emails and seemingly legitimate fake websites. The data is sold and usually used for bank fraud and identity theft.
- Bug bounty – this involves identifying vulnerabilities of applications. They use these vulnerabilities and exploits to spy on citizens and it is also sometimes used for weaponisation.
- IP theft – these hackers steal intellectual property. They sometimes seek legitimate employment from certain companies only to gain access to business data that they would sell to competitors.
- Extortion – these hackers often target SMEs and high-level employees with their ransomware which prevent users from accessing their own system and data until they pay a certain ransom amount. Your Information Technology services team should be able to avoid such an attack with the proper security program instillations and proactive monitoring.