Top Information Hackers Look For
There are two types of cyber attacks, targeted and untargeted. Targeted could be as specific as going after a certain business or government agency, or as broad as a certain sector such as education or healthcare. Targeted attacks often occur when an enemy or competitor specifically targets a business or entity for the purpose of creating reputational or production damage, or monetary loss by the victim.
Untargeted attacks are far more common than the alternative. In an untargeted attack, hackers cast a wide net hoping to infect as many people as possible. Since cyber attacks often result in a monetary gain by the hacker, casting a wider net means higher profits. But what exactly is profitable?
It depends on the attack. If a hacker is looking to steal information to sell on the dark web, they will think they hit a gold mine with the information below:
- Name
- Date of birth
- Address
- Social security number
With that information, they could also create fraudulent credit card accounts. Again, a gold mine.
Other Means of Monetary Gain
Hackers are also infecting users with ransomware, which locks the user’s files until a payment demand is met. The only way for a user to work around this is to restore their system using backup files. Often times businesses will have backup files in place, but it may be more costly to restore using backups than to just pay the ransom. Often times, home-users do not have their backup files stored on an external device or cloud-based provider, meaning they feel like they have no choice but to either pay or be out their information.
Ransomware hackers also know certain verticals are more willing to pay the ransom than to wait out restoring their systems on their own. For instance, financial institutions are entirely dependent on IT. This means, if a hacker were to take down a banking network they would be entirely paralyzed. Customers would have no idea what their bank balance is, online banking wouldn’t work, balance transfers would not be available, and all credit/debit card transactions would be denied. The bank would have no option but to shut down until the systems were remediated.
The healthcare industry has also been the victim of multiple ransomware attacks. Unfortunately, at times they’ve opted to pay the hackers with the hope of getting access to their systems again. Historically when a hospital has been hit with ransomware, various appointments were canceled, and patients were rerouted to other facilities to have their medical care needs met. Not only does this impact the hospital’s bottom line, but also their reputation.
Don’t Fall Victim
Data is only as safe as the endpoint it is kept on. The easiest way to avoid falling victim is to employ an antivirus protection that uses an automated application whitelist technology. This will block all unknown and potentially malicious files from executing on your device. A whitelist, also known as a default-deny approach, will only allow known trusted programs to execute. The technology should also include a way to block fileless malware attacks, which use scripting engines to execute malware, instead of downloadable files.
Also, users need to keep their operating systems and third-party applications updated with the latest versions. This mitigates the risk of hackers using known security vulnerabilities to exploit the system.
