Skip to main content
Who are cyber criminals and why do they do it? 


We talk a great length about cyber crime. From trends in phishing to exploits to cyber security threats and so much in between. But we don’t often think about who is committing the cyber crime and what motivates them.
The motivations for cyber criminals can be quite simple. The two that make up the huge majority are money and information. According to a Verizon Enterprise report, financial and espionage-driven motivation make up a full 93% of motivation for attacks. Aside from that, the less-frequent but broader set of motives is often categorized as  “FIG” (Fun, Ideology, and Grudges).



The core motives can vary depending on what the cyber criminal is after, whether they are executing the attacks of their own initiative or if they’ve been contracted to do so, and who might benefit in what way from a successful cyber crime. This variety can be illustrated as follows:

Money
This can be the motive for many types of attacks, including ransomware, phishing and data theft (for sale or ransom of records). The transaction will often use a cryptocurrency if smaller in transaction size, or wire transfers for greater amounts. The cyber criminal will make money either by  extracting money from the victim directly, or capitalize on the sale of their data in underground marketplaces.

Competition
Getting into a manufacturers system can be valuable, whether for IP, blackmail, competitive intelligence, creating a PR nightmare (sabotage), or other reasons. This is especially risky given the (lack of) technical sophistication of systems across industries with complex intellectual property at their core, whether they be in technology, pharmaceuticals, high-tech manufacturing, resource extraction, general utilities, industrial systems or similar sectors.

Political Motivation
As we are seeing with numerous state actors, cybercrime is a growing tool used to achieve political ends. Whether using hacking to shut off a country’s electrical power, manipulate elections or distribute ransomware, state action is growing as a threat to all organizations – even if they aren’t a direct target.

FIGs
Some criminals enjoy being able to exploit weaknesses. Others do it for ideological reasons or to drive disclosure of information they deem is in the public interest, and some may just never let grudges go, whether it be from bad service, a faulty product or to settle any kind of score. They might use any of the tactics mentioned above, or execute DDoS attacks based on their motives as well, though that tactic could be applied to political or competitive motivations as well.
While there isn’t an exceptional amount of data to draw on about attacks and their motivations, we did find an interesting Raconteur infographic. It brings up a few key takeaways to consider.
Financial crime is the most common objective of attacks (41%). This comes as no surprise, but what may come as a surprise is that insider threats (27%) and competitive (26%) objectives in 2nd and 3rd respectively.
The Manufacturing industry seems to be at a far greater risk of attacks for espionage motivations than for financial motives.
While the Healthcare industry is targeted for financial motives, it has the highest incidence of FIG motivations.
Public administration is the victim of fewer espionage attacks (both as ratio of overall attacks and in absolute numbers) than the manufacturing industry. This is surprising at first, but could be result of a smaller number of public administration targets compared to manufacturing, or that public administration is better prepared and aware of the value their information has to attackers.

The “Hacker”

It’s also worth highlighting how the word hacking is misused. A discussion on why “hackers hack” wouldn’t be fair without stipulating what we mean by hacker. The hacker-tinkerer of the 80s and 90s appears to be synonymous with the cybercriminal, an equivalency that is patently unfair. The motivation of hackers – the ones who are looking for bugs and reporting them – are very different and not criminal in nature. According to one report, 72% of hackers do it for money, that includes legal bounties paid by the likes of Google, Microsoft, Apple and others. 70% Agreed that they do it for fun.

Comments

  1. Important Information Regarding unethical Hacking of Data over the internet.

    ReplyDelete
  2. Amazing blog.. it will help lot of people to know about how cyber crime is increasing and harming us

    ReplyDelete
  3. I believe everyone should aware about cyber crime because in today's world we are all over to the cyber life so, we should also be aware about it's disadvantages. Thanks for sharing this information through your blog

    ReplyDelete
  4. Toray I Got to know briefly about cyber criminals and learned about their motives to attend auch tpye crime. Wonderful Work👏🏼. Keep It Up.

    ReplyDelete
  5. Very informative content as you mentioned about hacking... In india we don't have strict lawa against hacking.... For crimes like hacking we need support and collaboration in making of law from other countries as well

    ReplyDelete
  6. its helps alot to know more about cyber crimes now a days

    ReplyDelete
  7. now days cyber-crime is in rapid growth and this information is very helpful to understand the cyber crime and criminals.

    ReplyDelete

Post a Comment

Popular posts from this blog

TOP 10 CYBERSECURITY COURSES IN INDIA 1. Master Certificate in Cyber Security (Red Team) – Jigsaw Academy with HackerU Jigsaw_Cyber-Securit Jigsaw Academy is a global award-winning training provider headquartered in Bengaluru, India. Founded by the duo of Gaurav Vohra and Sarita Digumarti, Jigsaw Academy has been instrumental in shaping the careers of over 50,000 learners in 30+ countries by helping them build a successful career in emerging technologies with specialised industry oriented courses. The domain experts and educators at Jigsaw Academy offer meticulously structured courses with industry-relevant curricula. Jigsaw Academy trains professionals in the areas of analytics, data science, big data, machine learning, business analytics, and more recently, cybersecurity and cloud computing. W3Schools Flagship Cybersecurity Program: Jigsaw Academy’s Master Certificate in Cyber Security (Red Team) in association with HackerU Duration Of The Program: 600 Hours (20 Hours of...
Are cookies harming your privacy? Internet users consider that their activities on the Internet are being monitored almost every day for different reasons. Sometimes, the ads of a product that we've looked for via search engine on the previous day show up the next day and we are surprised by the suggestions offered by the internet sites as if they know us better than us. Moreover, there are even those who claim that the issues spoken during any conversation are shown as advertisements on the Internet in some ways. However, we continue to use the Internet sites without paying attention to what is written in the small boxes that we face when we first enter them. These small boxes often contain details about how our information and activities are collected and used through cookies, so that we can make better use of the websites. Cookies are small text files with the .txt extension stored on the users' devices through the users' browsers, as opposed to a computer pro...
An initiative from government Cyber Crime Prevention against Women and Children (CCWC) The Scheme for Cyber Crime Prevention against Women and Children (CCWC) has been formulated by the Ministry of Home Affairs to have an effective mechanism to handle cybercrimes against women and children in the country. Components of the CCPWC Scheme Online Cybercrime reporting Unit Forensic Unit Capacity Building Unit Research & development Unit Awareness Creation Unit Type of information that would be considered as evidence while filing complaint related to cybercrime It is important to keep any evidence you may have related to your complaint. Evidence may include: Credit card receipt Bank statement Envelope (if received a letter or item through mail or courier) Brochure/Pamphlet Online money transfer receipt Copy of email URL of webpage Chat transcripts Suspect mobile number screenshot Videos Images Any other kind of document There is need for a well-define...