What Are Cyber Criminals Targeting and How to Demotivate Them?
Before the internet, relocating to certain neighborhoods could minimize one’s exposure to crime, as criminals were limited to their immediate surroundings. Economic disparities, social issues, weak community bonds, and inadequate law enforcement often explained the higher crime rates in certain areas. Today, however, cybercrime has erased the boundaries of physical proximity. Cybercriminals can commit theft from across the globe, targeting online banking credentials or identities for fraudulent purchases. This digital era has made geographical safety obsolete, with everyone at potential risk from cybercrime.
Strength as a Deterrent
You rarely hear about a professional athlete or fitness enthusiast getting mugged on the street. Such incidents typically involve victims perceived as less capable of defending themselves, such as the elderly, young women, or those of smaller stature. Street criminals prefer targets that appear vulnerable to ensure a lower risk of resistance or confrontation. This strategy minimizes the chances of the attacker facing a challenge during the crime.The concept of strength as a deterrent has been a long-standing military practice. The success of D-Day for the allied forces was the result of extensive planning and mobilizing an overwhelming force to overpower German defenses. Similarly, Julius Caesar’s victory in 52 BC against a vastly larger Gaul army showcased the power of military engineering and discipline. History is replete with examples where armies exploited perceived weaknesses, such as the Mongol invasions led by Genghis Khan, targeting disunited regions with poor defenses for easier conquest. These instances underline the principle that strategic strength can decisively overcome numerical superiority.
Cybercriminals Prey on the Weak
When it comes to hacking, a single cybercriminal with the right tools and skills can exploit thousands of victims. While some of the more infamous Russian cybercriminal gangs do pursue lofty corporate and government targets, your average cybercriminal is looking for low hanging fruit. Many threat actors even lack the necessary skillsets to implement an attack on their own and simply subscribe to Ransomware-as-a-Service kits (RaaS) to attack their victims.
This low hanging fruit can be identified by a variety of signs including outdated or unpatched software, weak or reused passwords, and unsecured websites. In some cases, hackers may acquire lists of previously compromised targets on the dark web that they can possibly score again on. Others browse social media sites looking for users that show a high propensity to click on links or answer questions that may provide clues to their passwords or security question answers. Simply put, the goal for many cybercriminals is to maximize profit with minimal effort, exploiting the simplest entry points to conduct their activities.
Why do they do It?
Clicking on a phishing link often leads to the immediate question, “Now what?” but it’s also worth pondering the motivations behind such cybercrimes. While some hackers (hacktivists) claim noble causes or political motives, the primary driver remains financial gain. This echoes the sentiment of “Show me the money” from the movie Jerry Maguire. For many hackers, the allure of easy money from exploiting online vulnerabilities is akin to a pickpocket’s interest in the cash in someone’s wallet. It’s fundamentally about profit.
Cybercriminals often aim to deceive individuals into making digital payments or provide their payment card details. However, their interest extends beyond mere currency to include valuable data that can be traded on the dark web or used for identity theft. This includes Social Security numbers, email addresses, passwords, financial or health records, and cryptocurrency wallet information. Like collectors that seek out items such as artwork, baseball cards or celebrity signed photos for monetary purposes, these criminals collect and trade personal information for profit, highlighting the diverse ways in which they can monetize stolen data.
Who are their Targets?
Concerns persist about hackers targeting personal files on local drives, but such attackers often seek more lucrative targets like online bank accounts or databases that host personal identifiable information of multiple individuals. This means targeting organizations, particularly small businesses that lack substantive security measures and knowledgeable personnel. Some of the obvious targets include healthcare facilities, E-commerce websites, and local government bodies. Non-for profits are also a coveted target as they host lists of doner information including credit cards.
Victimized by Bad Luck
Being a victim of cybercrime can be at times attributed to nothing more than bad luck, akin to being in the wrong place at the wrong time. Not all cyber victims are directly targeted. Sometimes, merely clicking on a compromised link on a website or social media can lead to trouble. Sometimes, there is no rhyme or reason why one might fall victim to an attack. In a digitally connected world, the risk of exploitation is everywhere.
How MDR can Help
Managed Detection and Response (MDR) can significantly bolster a small business’s defense against hackers and similar threats by providing continuous monitoring and proactive threat hunting. MDR services use advanced technologies and expertise to detect early signs of malicious activity, often before the attacks have proper time to play out. By identifying and mitigating threats swiftly, MDR can minimize the potential damage from cyber-attacks, reduce downtime, and help maintain business continuity. While this level of security has typically been reserved for larger organizations and corporations, MDR services are becoming accessible to organizations of all sizes thanks to third party MDR providers. This democratization of advanced security measures offers comprehensive protection that smaller organizations previously found out of reach, bridging the gap in cybersecurity defenses.
Conclusion
Just as financial analysts often struggle to pinpoint the exact reasons behind the stock market’s fluctuations, the motivations behind cyberattacks can be similarly opaque. Even if it seems you have nothing of significant value, you could still become a target. Recognizing this reality is a crucial first step. At that point it becomes imperative to take proactive measures to safeguard against potential threats, underscoring the importance of cybersecurity vigilance for everyone.