What Hackers’ Behaviors Can Tell Us About Who They Are And How They Operate

Cybercriminals are everywhere. Both domestically and around the world, countless hackers work day in and day out to penetrate the digital defences of businesses just like yours, using a variety of proven, effective, and ever-evolving methods.

Whether they infect your system with malware hidden in a seemingly innocuous email attachment or con an unsuspecting employee out of vital information through social engineering, the results are the same: data loss, financial damages, lawsuits, reputational damage, bankruptcy, and worse.

Do you know how they operate, and how cybersecurity professionals track them down?

How Do Hackers Attack Businesses Like Yours?

Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage.

While cybercriminals continue to innovate new forms of malware and the ways they use it, there are currently three main types that you should be familiar with:

  • Malicious Scripts: This type attacks when you or a member of your staff visits the wrong web page. With the right conditions (user with admin rights, an outdated browser, lack of anti-malware software), simply loading the wrong web page is enough to infect your system.
  • Embedded Media: While this form also attacks from a web page, it does so through infected media embedded in the site, such as a video or audio file. If your browser media player isn’t up to date (which is extremely common among today’s users), simply playing the media file can lead to a malware infection.
  • Infected Files: The oldest form of the three is also the simplest. By downloading and running files (media codecs, screensavers, desktop images, etc.) that they haven’t properly inspected ahead of time, or that contain a hidden malicious file, the user openly invites malware into the system.

Beyond simple (yet still surprisingly effective) malware attacks, there are also the more active attack vectors employed by dynamic websites to trick you into clicking the wrong link or downloading the wrong file. We’ve all encountered popular attack vectors used by online advertisers to get us to click their content: pop-ups, time-delayed superimposed ads, redirects, required downloads and more.

While ads like these are certainly annoying, they’re not particularly dangerous. What is dangerous is how cybercriminals have followed the advertisers’ lead in using the same methods to get you to visit a malware-infected page or download a disguised malware file. The primary attack vectors used by hackers today include:

  • Owned websites: In this method, a hacker will either trick you into visiting their personally developed malware site or take over and infect a site that is already commonly visited by the public.
  • Spoofed Domains: By registering a domain that’s nearly identical to a site that you’d visit without a second thought, hackers can trick you into clicking a link that you think will take you to a familiar page, but instead leads to malware.
  • Phishing: Put simply, phishing works by getting the victim to click the wrong link (usually by being instructed to “Click Here…”), and download a dangerous file to their system.
  • Cross-site Scripting: This attack works by injecting client-side scripts into a vulnerable web page. When users view that page, the browser automatically executes the script, usually to steal private information or install malware.
  • Malicious Links: Simply by posting a seemingly harmless hyperlink in an email, on a forum, or in a comment, the hacker can sit back and wait for an unsuspecting user to click through to a webpage that hosts malicious code.
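The Spoofed Domains item above can be checked for mechanically. The following is an added example, not part of the original post: it flags domains that are nearly identical to ones you trust. The allowlist, the substitution table and the function names are all assumptions made for illustration.

```python
# Constructed allowlist (assumption): domains this organisation really uses.
TRUSTED = ("example.com", "example-bank.com", "intranet.example.org")

# Illustrative look-alike substitutions, not an exhaustive confusables table.
# The \u escapes are Cyrillic i, a, o, e, which render like their Latin twins.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0456": "i", "\u0430": "a",
                             "\u043e": "o", "\u0435": "e"})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar names collide."""
    folded = domain.lower().rstrip(".").translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows = [list(range(len(b) + 1))]
    for i in range(1, len(a) + 1):
        row = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            row[j] = min(rows[i - 1][j] + 1, row[j - 1] + 1,
                         rows[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                row[j] = min(row[j], rows[i - 2][j - 2] + 1)
        rows.append(row)
    return rows[-1][-1]

def classify(domain):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    name = domain.lower().rstrip(".")
    if name in TRUSTED:
        return ("trusted", name)
    for good in TRUSTED:
        if skeleton(name) == skeleton(good) or osa_distance(name, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)
```

Names that arrive in punycode (`xn--`) form need decoding to Unicode before this check.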

How Do Hackers Make A Profit?

An often overlooked part of cybercrime culture is the way that cybercriminals make money doing what they do. Business owners, managers, and IT personnel are more concerned with security and protection than with the other side of the equation.

Here are three primary ways hackers make money:

  • Ransomware: In a ransomware attack, an unsuspecting user clicks on a seemingly safe link or an emailed attachment that appears to be a bill or other official document. Instead, the attachment installs a malicious software program (malware) onto the computer system that encrypts the data and holds it for ransom. The user is then stuck without access to their data, and faced with paying the attacker a huge sum. This is likely the most well-known way hackers generate a profit. Year after year, cybercriminals continue to increase the asking price, with the average ransom growing from $41,198 to $84,116 in 2019.
  • Selling Data: A simple way to make money in cybercrime is to simply sell valuable data. Financial info, SSNs, medical info, etc., almost anything identity-based and private has a value, and can often be sold for as little as $3 per record.
  • Selling Access: A common misconception about cybercrime is that it’s obvious when you’ve been hacked. Alarms go off, your bank account drops to $0, etc. However, more often than not, cybercriminals will quietly gain access to a network or an account and then sell that access on the Dark Web. This is a simple way to monetize their efforts without having to demand a ransom or trick someone into executing a transfer of funds.

How Do Cybersecurity Professionals Track Down Hackers?

In the largely anonymous world of the web, it can be difficult to align malicious users with their real-world counterparts. Cybersecurity teams utilize a range of tactics and tools both to ingratiate themselves with hackers and to gather evidence of their activities in order to build a case against them.

For example, over the course of four years, Night Lion Security tracked an active and dangerous hacking group, “TheDarkOverlord”, eventually identifying a key member: Christopher Meunier, a 19-year-old from Calgary, Canada. Coordinating with other agencies and teams, Night Lion Security gathered evidence as to Meunier’s crimes committed with the help of another hacker. It was eventually determined that just these two individuals were responsible for up to 42% of all non-credit card related data breaches since 2017.

Connecting the different members of a given hacking group like TheDarkOverlord isn’t necessarily easy. Investigators have to gather data from the victims, in particular IP addresses. This info can then be analyzed for patterns. In one instance, a few identical IP addresses recurring across many more attacks helped point investigators towards the culprits.
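The kind of IP pattern analysis described above can be sketched as follows. This is an added example, not part of the original post or any investigator's tooling: the incident names and log text are constructed, and the addresses come from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data: free-form log excerpts collected from each victim.
INCIDENT_LOGS = {
    "clinic-a": "login from 203.0.113.7; upload from 198.51.100.23",
    "school-b": "vpn session 192.0.2.44, later 203.0.113.7",
    "dentist-c": "rdp 198.51.100.23 then 192.0.2.200",
    "retailer-d": "smtp relay 192.0.2.91",
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_ips(text):
    """Return the set of valid IPv4 addresses found in free-form log text."""
    found = set()
    for candidate in IPV4.findall(text):
        try:
            found.add(str(ip_address(candidate)))
        except ValueError:
            pass  # e.g. 999.1.1.1 matches the regex but is not an address
    return found

def shared_ips(logs, min_incidents=2):
    """Map each IP seen in at least min_incidents incidents to those incidents."""
    seen = defaultdict(set)
    for incident, text in logs.items():
        for ip in extract_ips(text):
            seen[ip].add(incident)
    return {ip: sorted(v) for ip, v in seen.items() if len(v) >= min_incidents}

def linked_groups(logs):
    """Group incidents connected, directly or transitively, by a shared IP."""
    parent = {name: name for name in logs}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for incidents in shared_ips(logs).values():
        for other in incidents[1:]:
            parent[find(other)] = find(incidents[0])
    groups = defaultdict(list)
    for name in logs:
        groups[find(name)].append(name)
    return sorted(sorted(g) for g in groups.values())
```

A shared address is a lead rather than proof of common authorship, since VPN exits, proxies and shared hosting put unrelated users behind the same IP.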

What Would Make You An Ideal Target?

The short answer is lack of awareness. Almost no hacking attempt can be a success without the victim playing at least some role in the process, such as:

  • Visiting a malware-infected, unsecured website, either via an email, inappropriate browsing habits or otherwise.
  • Opening an untrustworthy attachment in an email from a hacker that’s disguised as a business contact, employee, client, government agency, etc.
  • Downloading files that include a stow-away malware program or virus.
  • Conducting any of the above while logged in with administrator rights provides even greater access to the hacker that’s infecting the system.

The bottom line is that digital security begins and ends with the user. Regardless of how modern, expensive or well-recommended your security software is, one wrong move by a single employee can be all it takes to infect your system.

Is Your Technology Making You An Easy Mark?

Outdated, unsecured and just plain faulty technology is just as likely to make you an ideal target for hackers as an unsuspecting employee is. A major part of the investment in new technology is that it comes prepared to handle all previously identified hacking threats and security loopholes. The older your technology is, the more vulnerable it is to new hacking techniques.

Here are three vital considerations you should keep in mind when evaluating your current technology:

  • Patch regularly, and patch often: Did you know that one of the most common ways cybercriminals get into a network is through loopholes in popular third-party programs? That means the computer programs you rely on to get work done every day could be leaving you vulnerable to security breaches if you fall behind on updates. That’s why patch management is such a crucial part of proper IT security, in order to help you stay ahead of the non-stop tide of oncoming digital threats.
  • Manage technology lifecycles: As good as it is to run a frugal business, it’s important to keep in mind that you’re not a college student trying to make an old, beaten up laptop last until you can afford a new one. You’re running a business, with much more to invest in and much more to lose. When your software reaches End Of Life (EOL), it will no longer receive the vital security patches it needs to keep you safe. At that point, as much as you may like the current operating system, you have to let it go and replace it with the new, secure version.
  • Legacy technology isn’t worth the risk: Legacy software is often the gap in an otherwise capable suit of digital armour. Your business may have brand new infrastructure, top-of-the-line security technology, and fresh-out-of-the-box desktops, but in the end, your unpatched, out of date legacy web browser will be what does you in. Just as with EOL, don’t let your favourite bit of technology put you at risk.

Reliable Networks Will Help You Defend Yourself Against Hackers

Perhaps more than anything else, effective cybersecurity is about what you know.

Do your staff know how to spot a phishing attempt? Do you understand the limits of your current cybersecurity defences and do you have a security policy in place?

You need to take the time to find out where your blind spots are, and address them with proven solutions and processes. Get in touch with the Reliable Networks team to get started today.

Gregory Olczyk
