What do hackers look like? (Part 1)

Hint: Probably not what you envisioned.

When you hear the word “hacker,” what image comes to mind? 

For many, it’s a creepy, sweaty, hooded fellow in a basement, with green streams of binary code flowing through their monitors. 

But here’s the truth: those days are largely gone. 

Instead, hackers have central offices, intense security, and 401ks.

In 2023, cybercrime is a massive and well-organized industry. 

Across the globe, both private and state-sponsored cybercrime organizations are developing malware, buying and selling credentials, targeting the cloud, and doing their best to compromise systems. 

Some malware groups even offer competitive salaries or pay a commission to their employees based on ransomware payouts. Whole organizations are responsible for attacking healthcare facilities, universities, governmental institutions, and nation-states. 

Often the motivation for these nefarious groups is simple: financial gain. 

Up to 83% of recorded attacks were financially motivated, according to the Verizon DBIR

Institutions like banks, trading enterprises, and credit card companies are inundated daily with attacks, from viruses to targeted social engineering scams. Due to the clear nature of the financial sector, though, these organizations are often well-protected.

Other sectors like healthcare, retail and e-commerce, and utility providers are also top targets because they hold the second most desirable objective for cybercriminals: personally identifiable information (PII)–and because they might not have so many defenses in place. Even when a specific individual isn’t a target, hackers know collecting PII is an easy way to turn a dollar: so, when it comes down to it, businesses of all sizes are a target. 

That’s right—even your business. Many cybercriminals target opportunities, not specific businesses. Loopholes in apps, weakpoints in software—all provide the opportunity for hackers to attack businesses who happen to use these tools. So, while you may think “no one would target me” you’d be dead wrong.

Want to take charge of your cybersecurity posture? Grab 15 minutes with our experts now. Take our free assessment!

The methods hackers—more broadly known as cybercriminals or threat actors—use to gain access to money are many and varied. In many situations, cybercrime is opportunistic as mentioned above. Here are a couple of ways threat actors work: 

  1. Exploiting Vulnerabilities: cybercriminals often take advantage of known vulnerabilities in software, applications, or systems. They search for weaknesses or misconfigurations that can be exploited to gain unauthorized access, install malware, or carry out other malicious activities. When they identify such vulnerabilities, they quickly launch attacks to capitalize on the opportunity before the vulnerabilities are patched or mitigated.
  1. Phishing: phishing emails, scam calls, and social engineering tactics are all used to trick individuals into revealing sensitive information (everything from their social security numbers to protected passwords). Many methods exploit human empathy and take advantage of our trusting nature. Opportunistic cybercriminals seize moments when individuals may be more susceptible, such as during a crisis or major event, to launch phishing campaigns with tailored messages to increase the chances of success. The sophistication of this type of attack has skyrocketed since AI-driven language tools have become more widely available. 
  1. Data Breaches: when a data breach occurs, cybercriminals may act swiftly to capitalize on the exposed data. They may engage in identity theft, conduct financial fraud, or carry out targeted attacks using the compromised information. Due to compounding issues like password reuse, a single data breach (where email and password combinations get stolen, for example) can have massive chain reactions and repercussions. 
  1. Poor Cyber Hygiene: cybercriminals frequently target unsecured or poorly protected networks and devices. They might scan for an open Wi-Fi network or a device with a weak password

These examples highlight how cybercriminals seize opportunities to exploit companies, institutions, and plain old home networks to collect data and financial leverage. 

Fortunately, there are a lot of ways you can make it harder, and less appealing, for threat actors to target you. 

Book a 15-minute call with the Stratti team to learn how.