Cyber-attacks are hitting the headlines on a daily basis and a lot of effort goes into both preventing them and dealing with the consequences when they have happened. Understanding the motivation behind attacks can help organisations understand more about the risks they face so that they can tackle them.
So why do cyber-attacks happen?
1. For financial gain
This is the most likely reason an organization gets attacked. Criminals are looking to gain financially in three main ways:
Data breaches to feed identity theft. Third-party fraud is fuelled by identity theft, and breached data gives criminals the information they need to take over someone’s identity. In the UK the CIFAS Fraud Scape 2016 highlighted a 49% growth in identity theft over the previous year.
Criminal gangs are well-organised and operate on a commercial basis – there is a supply chain, and those that steal data are unlikely to be the same criminals who commit the identity theft and fraud. The dark web provides a marketplace for stolen credentials – with those that have stolen personal data selling it on to those who wish to commit fraud.
Cyber-attacks with financial demands. A modern take on blackmail, this can affect organisations of all sizes as well as individuals. There are many variations. For example, hackers take over a victim’s computer and freeze it, then offer to reinstate access after a ransom has been paid. Another variation led to a recent case where guests at a hotel in Austria were prevented from entering their rooms until a ransom had been paid – the hotel is reportedly removing electronic locks accessed with cards and reverting to old-fashioned keys!
Attacks to perpetrate a direct fraud on a business. This type of attack usually involves the diversion of funds from their legitimate destination to a fraudster’s account. Criminals use techniques such as phishing and vishing to tease out enough information to enable them to mount an attack. They then access email systems and send emails that look legitimate but aren’t. A variation of this attack is invoice fraud, in which an email is received that looks like it is from a legitimate supplier and advises of a change of bank account details – unfortunately, the bank account details supplied are those of a fraudster. This kind of fraud often combines elements of cyber-attack with offline elements such as social engineering.
2. To make a political or social point
Hacktivism involves breaking into a system for political or social reasons. Until relatively recently, this was seen as the domain of underground organizations such as Anonymous. The recent US election has put focus on the role that governments might play in furthering their aims through hacking activity.
Hacktivists look to access information that can damage their intended target. Hacked information often ends up on WikiLeaks; the breach at Mossack Fonseca and subsequent publishing of the Panama Papers is a good example of this.
Hacktivists also mount cyber-attacks to stop their targets carrying out their normal activity; this is known as a Denial of Service or DoS attack. Governments and political bodies are often the target of DoS attacks.
Hacktivists come from across the political spectrum. Terrorists may use hacking to attack their targets, but other hacktivists are intent on bringing down ISIS websites.
Many businesses may feel that they are unlikely to be a target for political or social hacktivists, though it is well to be aware that the targets of these attacks vary greatly. If someone objects to your operations, you could find yourself at the wrong end of a hacktivist attack.
3. For the intellectual challenge
This type of hacker plays to the stereotype of the socially awkward loner who lives in a virtual world and turns to hacking for both the intellectual challenge and the adrenaline rush of breaking into a network. Interestingly, research by Bernadette Schell, a researcher at the University of Ontario Institute of Technology, found that hackers were no more likely to be on the autistic spectrum than those choosing careers in computer science, mathematics and the physical sciences.
Those who hack for intellectual stimulation are not necessarily criminals. They could be “white hat” hackers who help organisations to explore their vulnerabilities so that they can put defences in place.
While white hat hackers work with or for companies and are a force for good, other hackers motivated by intellectual challenge can cause harm. While they may not have bad intentions, hackers, particularly the inexperienced who are often referred to as ‘script kiddies’, can cause damage during their incursions and leave systems vulnerable to those with ill intent.
The “why” of cybercrime is complex. In addition to the motivations already mentioned, hackers could also be motivated by revenge or by a wish to spy to gain commercial or political advantage. The different motivational factors for hacking can coincide; a hacker who is looking for an intellectual challenge may be happy to also use their interest to make money or advance their political agenda.