7 motivations behind cyber attacks

Cyber attacks are becoming more frequent and sophisticated, with hackers employing methods that are increasingly dangerous and difficult to detect. Studies suggest that the annual cost of cybercrime damage will reach a staggering $6 trillion globally by 2021. This represents a significant increase from $3 trillion in 2015. But what are the real motivations behind these cyber attacks?

Experts estimate that financial gain and espionage are the driving forces behind a whopping 90 percent of attacks. Personal information (36%), payment details (27%), and medical data (25%) are the most common targets for cybercriminals. Personal information (name, address, social security number, email, phone number) is often used for identity theft, while payment information (credit card numbers, etc.) is used for immediate online purchases. Medical data is used to buy medicine or receive medical treatment.

Let’s delve into the top 7 motivations behind cyber attacks:

1. Profit or Financial Gain

This is the primary driver behind most cybercrimes. Hackers, like those behind the infamous Dyre malware, can earn substantial revenue by targeting organizations, causing losses between USD 500,000 and USD 1.5 million. Ransomware is a prevalent profit-driven attack. In a recent case, a US healthcare institution reportedly paid cybercriminals around $17,000 in Bitcoin to decrypt their hijacked systems.

The Colonial Pipeline ransomware attack (May 2021) targeted critical infrastructure, disrupting fuel supplies on the East Coast of the US. The attackers demanded millions in ransom to restore operations. Hackers often target multiple systems for maximum impact, as opposed to infecting a single machine. Additionally, breaches involving point-of-sale (PoS) malware have resulted in the theft of millions of debit and credit card details, which are then sold online.

2. Politics or Social Motives

Hacktivist groups like Anonymous operate based on political or social motivations. Nation-state actors are also often driven by political agendas. For instance, the cyberattacks on Russian targets (March-April 2022) in response to the invasion of Ukraine involved hacktivist groups disrupting government websites and leaking data.

Some government organizations, such as the US Army Cyber Command, are well-known in this domain. However, traditional espionage groups and agencies in many nation-states have likely also become involved in cyber operations. These attackers, whether government employees or contractors, tend to be well-funded and well-organized. Their primary goal is to steal classified or sensitive information, but sabotage can also be an objective, especially during periods of heightened tensions or military conflict. Nation-states may even launch attacks to cripple another country’s economy.

3. Patriotic or Ideological Motives

Some attackers are primarily driven by patriotism or ideology, perhaps inspired by political or social events, or even revenge. There have been documented attacks by politically motivated individuals in countries like the United States, Russia, China, Ukraine, Indonesia, India, Pakistan, and Australia. However, such attackers may not always be acting independently; they could be encouraged by a state political organization. The most readily identifiable ideologically motivated attackers are those who support groups like ISIS or Al Qaeda.

4. Sabotage

Critical infrastructure systems like power grids, air traffic control, and water supplies are vulnerable to attacks by hackers and nation-states. The motivations for such attacks can vary. State-sponsored cyber groups might aim to disrupt an opponent’s operations, extortionists might seek money, and malicious actors might simply act for personal satisfaction. Stuxnet, a well-known malware program believed to be state-sponsored, targeted Iran’s nuclear program. This malware aimed to disrupt and cause failures in a process while making it appear that the systems were functioning normally.

5. Extortion

Extortion attacks differ in that the attacker uses the victim’s potentially embarrassing personal information to coerce them into action. In such a scenario, the victim might be persuaded to install a VPN client (or use an existing one) that connects to an attacker-controlled system, granting access to the victim’s network. These connections can be difficult to detect because they don’t involve malware or generate unusual amounts of traffic.

6. Ego or Vanity

Ego-driven attackers seek fame or notoriety through cyber attacks. They might try to legitimize their obsession with a political or social cause, but their ultimate goal is simply to have their name recognized. These attackers often use vulnerability scanning tools to identify easy targets. They have no specific victim in mind; they simply exploit opportunities. Their primary motivation is self-promotion. Individual “script kiddies” launching denial-of-service attacks against high-profile targets may be motivated by a desire for notoriety or bragging rights within online communities.

7. Revenge

Recent cyber incidents highlight the risks associated with disgruntled or departing employees who might be tempted to steal valuable information. In June 2018, Tesla disclosed that a disgruntled employee hacked into their computer systems, stole company secrets, and passed them on to others. In separate incidents, a former programmer and an ex-employee from Apple were caught selling stolen code and confidential self-driving car information, respectively. Each of these scenarios resulted in harm to the targeted organizations.