Cyber attacks happen every day, and it’s no secret that they are increasing in frequency and sophistication. While threat actors generally don’t discriminate based on company size or type of organization, the criminal’s motivation for attack generally points to the victim. Understanding the why behind a cyber attack is critical in developing effective cybersecurity strategies to protect your organization.
4 Common Motivations
Monetary gain is perhaps the most common reason for hackers to attack an organization or an individual. In these cases, threat actors (often affiliated with cybercrime gangs) target companies they believe will pay a ransom to recover stolen information.
By launching a ransomware attack via a phishing email for example, bad actors can breach a company’s network and hold it hostage or steal and threaten to release sensitive data including login credentials or PII. Once attackers have access to their desired information, they will then demand the organization pay a large sum for the decryption keys or the return of data.
Victims of monetary-driven attacks can include large corporations with significant wealth or small, local businesses who are forced to pay the ransom instead of waiting for cybersecurity recovery efforts because they cannot afford the forced downtime.
Hacking For A “Good” Cause
Hacktivism (hacking meets activism) is for those hackers seeking to drive change, generate awareness, or expose a political adversary. Most commonly, hacktivists go after terrorist groups. These hackers are younger, less experienced, and can operate in groups devoted to a specific cause. Unlike criminals hoping for a large windfall, this group hopes to launch a revolution and sway public opinion to their viewpoint.
In these attacks, hacktivists will target internal communications that shine a light on unsavory elements or actions of the organization to embarrass them or reveal corruption.
Similar to hacktivism is government sponsored hacking, which utilizes state-sponsored operatives (typically hacktivists or generic cyber criminals) who are hired on a freelance basis to execute cyberattacks on that government’s behalf. Attacks are usually aimed at other political states who have committed a perceived slight against the attacking government, but they can also be committed for financial reasons.
Lack of job satisfaction or poor management can inspire disgruntled employees to execute a hack internally. These hackers are company users that can include workers, contractors, and vendors who have network access and can turn a potential threat into a realized attack.
Internal threats are particularly troubling because these attackers have inside knowledge regarding the company’s security strategy and might be aware of potential vulnerabilities that can be exploited.
Protecting Your Organization
Regardless of their motivations, hackers tend to share a particular trait: laziness. In this regard, cybercriminals are more likely to attack the company that will be the easiest to infiltrate. If torn between two organizations, hackers will likely choose the company with the weaker cybersecurity. Knowing this, companies should be continually refining and optimizing their security protocols and patching regularly. No one wants to be the easy target.
Threat actors often utilize the same attack vectors, which include:
- Phishing and more targeted spearphishing emails
- Vulnerability exploitation
- Breaching Remote Desktop Protocol (RDP)
While no organization is immune from hackers, by taking proper steps to protect your network, you can reduce your company’s risk of attack.
Content originally written by Blue Team Alpha and has been reposted here with permission.