In the first part of our little blog series on the basics of malware, we’ve been dealing with the terminology of viruses, worms, etc. We discovered that the types of cyberattacks have changed considerably over the years. Until a few years ago, relatively simple spam messages and viruses were widely distributed according to the minimax principle (minimum effort at maximum range). Today, attacks are more sophisticated and unique. This is because defense mechanisms have adapted and the detection of waves of mass spam and viruses has been significantly improved. But before this multi-part series explores how malware can be analyzed and fended off, let’s shed light on who’s behind all these attacks.
The stereotype of a hacker looks something like this: A pale, hoodie-wearing, single man sits in a dark basement while eating pizza and drinking cola. From there, he hacks code into a computer and attacks his targets. The reality is much more complex. Nowadays, cyber-attackers act like small businesses – they consist of teams whose members specialize in subtasks and who professionally distribute their “goods”. After all, this industry has become a highly lucrative field of activity and cybercrime revenues are said to be even higher than those of worldwide drug trafficking.
More than just nerds sitting in basements
To security professionals’ dismay, there is a large number of different cybercrime groups. To complete the list thematically, we therefore also have to include the field of cyberwar. The goals of this group of people are often not monetary, but ideological.
The following list shows some groups that most cybercriminals can be divided into:
Professional criminals
This group includes all those who pursue purely economic goals with their cyber-attacks. Their aim is to generate the highest possible amount of money – in whatever form. In addition to banking trojans and spyware, they also use ransomware attacks or crypto mining malware. The sale of stolen data and information should also be mentioned: selling lists of emails or other personal information, botnets and other content can be highly profitable. Even the sale of malware itself falls into this category: attacks are offered as a service, so that even technically less experienced or less-equipped people can launch attacks. This could be in the form of new ransomware, but also in the form of a simple DDoS attack on companies, organizations and government agencies.