Cyber attacks are becoming more common and more sophisticated, with hackers using new methods that are more difficult to detect and more dangerous than ever before. Studies suggest that by 2021, cybercrime damage will cost the world $6 trillion annually. It’s a significant increase from $3 trillion in 2015. Now, what are the real motivations behind these cyber attacks?
The key motivation behind 90 percent of attacks, according to experts, is financial gain and espionage. Personal, payment and medical information are the most common types of data targeted by cybercriminals.
Thirty-six percent of compromised data is personal information. It includes name, address, social security number, and contact information such as email and telephone. This data is often used in identity theft and can be used to apply for loans and open new credit cards. Payment information comprises 27 percent of the data stolen in cyber attacks and may include credit card numbers and other financial information. Once hackers have credit card information, they can make purchases online immediately. Medical data accounts for 25 percent of security breaches. This is used by hackers to buy medicine or receive medical treatment.
Let’s look now at the top 7 motivations behind all cyber attacks.
1. Profit or financial gain
Direct financial gain is the driver behind the most active areas of cybercrime. The hackers behind the infamous Dyre malware have earned very substantial revenue, with targeted organizations losing between USD 500,000 and USD 1.5 million. Ransomware is a common profit-driven attack in use today. In a recent ransomware attack, a US-based healthcare institution reportedly paid about USD 17,000 in Bitcoin to cyber criminals for the keys needed to decrypt its hijacked drives. The hackers target a number of systems instead of infecting a single machine. Notably, breaches involving retail point-of-sale (PoS) malware were responsible for the theft of information for millions of debit and credit cards, which is often then offered for sale online.
2. Politics or social motives
Hacktivists such as the Anonymous Collective are politically or socially motivated. Most nation-state actors are driven by political motivation. Some government organizations that operate in the field, such as the US Army Cyber Command, are widely recognized, but traditional espionage groups and agencies have probably also moved into cyber operations in many nation states. These attackers, whether government employees or contractors, are likely to be well managed, well organized and well resourced. Politically motivated attackers mainly seek secret or sensitive information of some kind, but sabotage is another very real objective, especially in times of heightened tension or military conflict. Nation states can also carry out attacks aimed at damaging the economy of another nation.
3. Patriotic or ideological motives
One class of attackers operates mainly from a patriotic or ideological perspective, perhaps inspired by political and social events or by motives like revenge. Attacks by politically motivated attackers have been documented in countries such as the United States, Russia, China, Ukraine, Indonesia, India, Pakistan and Australia. But such attackers may not be politically motivated themselves; they can be encouraged by a state political organization. The most readily identified ideological attackers are those who support groups such as ISIS or Al Qaeda.
Power grids, air traffic control, water and other critical systems are vulnerable to attack by hackers and nation states. Attackers in this category typically attempt to damage or disrupt critical infrastructure and systems for various reasons: state-operated cyber groups to reduce the effectiveness of an opponent, extortionists for money, and malicious actors purely to satisfy themselves. Stuxnet, the malware used in an attack on Iran’s nuclear programme that is widely regarded as state sponsored, is perhaps the best-known example. The malware aimed to destabilize a process and cause failures in it while reporting that systems were working normally.
Extortion is a completely different kind of attack. The attacker uses a piece of the victim’s personal information, ideally something embarrassing, to force him or her to act on the attacker’s behalf. In such a scenario, the victim may be persuaded to install a VPN client (or use an existing one) and connect to an attacker-controlled system, giving the attacker access to the victim’s system. These connections can be hard to detect because they do not involve malware and do not produce a large volume of unusual traffic.
6. Ego or vanity
Vanity- or ego-motivated attackers seek fame or infamy through cyber attacks. They try to legitimize their obsession by invoking a political or social cause, but actually only want to see their name in lights. They normally use vulnerability scanning tools to identify easily attackable hosts. Their victims are not chosen for any specific reason; they are simply targets of opportunity. These attackers want their own name to be promoted.
Many recent cyber incidents are a reminder of the risks associated with disgruntled or departing employees, who may be tempted to steal valuable information. In June 2018, Tesla disclosed that an unhappy employee had hacked its computer systems and stolen company secrets, passing them on to others. Separately, a former programmer from NSCO was caught selling code he is alleged to have stolen from his former employer, while an ex-employee of Apple is accused of downloading and taking sensitive material about its autonomous technology. Every scenario is harmful to the target in one way or another.