How Do Hackers Make Money?
Date: 10 January 2022
In the midst of a global pandemic, businesses have suffered from a variety of reasons – some due to their completely physical consumer interface, some due to the impact of cyber attacks on their computer systems and others simply because of limited cash flows.
But there is one business that has thrived and made more money than ever – the business of cybercrime. Since the beginning of the COVID-19 crisis, there has been a noticeable increase in the sale of compromised networks on dark web forums.
Computer hackers are making more money than ever through ransomware attacks, stealing sensitive information, selling this information online or getting paid hefty ransoms in exchange for unblocking encrypted data.
In this blog, we explore how cybercrime is monetized and how exactly are hackers making money these days.
People around the world have learned to do everything remotely in the era of the healthcare pandemic – from working, banking, shopping, dating to even hosting virtual weddings and funerals. The upshot is that we’ve been giving cybercriminals the advantage they needed to steal vital personal information necessary to unleash more crime and gain more financial advantage.
In 2021, the rate of sales of access to compromised networks increased by 50%. The market has also grown in diversity, from when sales only included selling credit card information. Now access to remote desktop connections, mail servers, and more are up for purchase. This means that networks that are already compromised from around the world can be both bought and sold.
Phishing attacks and ransomware infections are at the forefront of cyber crime today. While phishing is a tactic of infecting a machine with a form of malware, ransomware is the end goal of the attack. Both have emerged as the top concerns for cybersecurity specialists across the globe.
The only way to deal with them, however, is to train and educate staff about these techniques. Use this free incident response plan template doc to create a robust cybersecurity response plan. You can also check out this Ransomware Checklist to see where your organisation stands in terms of its ransomware readiness.
Phishing is a type of attack in which criminals will send malicious emails designed to trick users into falling for a scam with the intention of getting them to reveal financial information, credentials or other sensitive data. Phishing scams often utilize social engineering tactics that encourage individuals to act without stopping and thinking things through.
Attackers also regularly target organisations with ransomware, a process that encrypts files and private data and demands an untraceable sum of ransom money in the form of bitcoin or other cryptocurrency to restore the files, usually without a guarantee that everything can be saved. Ransomware attacks either completely block access to data or threaten to leak the sensitive information online unless the ransom demand is met.
Some common types of cyber frauds to beware of:
There are nearly one dozen different types of frauds that cyber criminals can commit to their benefit, making cybercrime one of the biggest problems for civil society and a highly lucrative business for themselves.
- Online dating has become a potent tool for vicious cyber criminals. Hackers create fake profiles and social media accounts and establish an online relationship with their targets. They, then, make up stories and coerce their targets to send money to them or reload their digital wallets etc. It is, therefore, critical to be extra cautious while indulging in online dating and to ensure that you’re not actually falling in love with what has come to be known as a “romance scammer”.
- Gift card fraud is another popular type of cyber crime that’s catching up. Gift card fraud either happens when you upload your gift card number on a malicious site that claims to tell you what your balance is and then steals all your information. The other type of gift card fraud is where stolen credit card credentials are used to buy gift cards and resell them.
- Hospitality fraud works when threat actors manipulate their victims into disclosing financial information and PII (personally identifiable information) through fake travel services, such as renting a car, hotel or flight booking, trips, and other offers when on a vacation.
- Stolen identity refund fraud (SIRF) is a form of tax return fraud where the attacker will file a tax return using the victim’s compromised information and attempt to steal the target’s tax refund.
- The most common types of fraud, however, are bank frauds that will constantly adapt to changing trends, such as credit card fraud, online banking fraud, and frauds committed using a wire transfer service.
How To Prevent Cyber Crime?
Hackers have only gotten cleverer during the pandemic and their attacks more sophisticated. They are constantly developing new methods of scamming their targets and the successful attacks are typically the result of user error. You can reduce the risk of your business falling victim to a cybercrime by practicing these simple steps:
- Hold cybersecurity training sessions for employees to help raise their awareness, their ability to recognize potential threats and report any suspicious activity or error on their part in real time.
- Gather threat intelligence from sources on the dark web and inform your security team so that they’re aware of active threats and current cybercrime trends.
- Implement two-factor authentication to help keep accounts secure.
- Invest in a multi-layered security system to filter out emails with harmful content and keep them from reaching your inbox.
- Monitor and update systems and software regularly.
- Invest in a password manager to make using original and unique passwords for each account easier.
- Avoid using public WiFi as the information you type in or view is unencrypted and therefore can be easily intercepted by hackers.
Stop Criminals from Profiting from Your Business
The best method of protection against cybercrime is planning and preparing. You need to build a solid cyber incident response plan for your business and test this plan regularly through cybersecurity tabletop exercises.
Cybercrime can be monetized in a number of different ways, but all of these ways can be thwarted if you have the right systems in place. Educating your business team and the management is the first place to start when it comes to protecting your business against cyber-attacks and ransomware attacks.
Everyone should also be aware of and conversant with what their individual roles and responsibilities are if the organisation does come under attack. Through regular rehearsal of ransomware response checklists and incident response plans, it is indeed possible to stop cyber criminals in their tracks.