We’re all familiar with the idea that pop culture has cultivated in our minds about computer hackers, but as it happens, this impression is just one of the many shapes that the modern hacker can take. This kind of closed-off view is dangerously shortsighted, so let’s take a few moments to dig into the kinds of hackers there are, in ascending order of the threat they pose to your business.

The Heroic Ethical Hacker

It is important to acknowledge that hackers aren’t all bad—some are actually committed to using their skills to protect businesses from threats. By examining a business’ defenses from the perspective of a cybercriminal, the ethical hacker can help you identify vulnerabilities in your network infrastructure so that they can be resolved appropriately. These are the hackers that you hire for your own benefit.

The Accidental Hacker

It isn’t unheard of for someone to go poking around on a website—particularly if they stumble upon a preexisting issue on it. Unfortunately, this kind of poking can often result in them finding more than they bargained for. This kind of hacking has raised the question of whether such activity should be prosecuted if the person responsible reports what they have found back to the company.

Either way, what does it say about a business’ security if its website can be hacked accidentally? Such events need to be looked on as a warning to improve the protections you have in place.

The Pokey Curious Hacker

Just one step up from the accidental hacker, some hackers are fully aware of what they are doing and are just doing it to find out if they can. Meaning no real harm, these hackers are seeking little more than validation—or, in layman’s terms, bragging rights. Having said this, it is important to acknowledge that this variety of hackers is becoming rarer with the increased criminal accountability that such activities bring with them. Nowadays, hardware modification by means of single-board computers now occupy the time of those that would be interested in these kinds of activities.

The Scammy Networking Hacker

Adware—or a piece of software that hijacks your browser to redirect you to a website hoping to sell you something—is a real annoyance, as it wastes the user’s valuable time and energy. It also isn’t unheard of for otherwise well-known and legitimate companies to use it in their own marketing, despite the risk they run of having to pay regulatory fines due to these behaviors.

While the real damage that adware spamming can do may seem minimal, it is also important to put the nature of these efforts into perspective. An adware spammer will use the same tactics that other serious threats—things like ransomware and the like—are often spread through. If you’re finding your workstations suddenly inundated with adware, you are likely vulnerable to a much wider variety of threats than you might first assume.

The Strength-in-Numbers Hacker

Sometimes, instead of attacking you, a hacker will use your resources to attack another business. While this isn’t an attack against you, per se, it should still be seen as a threat, as it interferes with your business’ potential for success.

The attackers that do this use the resources they take over to generate something called a botnet—a network that can then be used to the hacker’s ends. For example, one only must look at the attack on the DNS provider Dyn, where a botnet was able to take down various major websites (including Facebook and Twitter) for several hours. These botnets often make their way in through unpatched vulnerabilities and breached login credentials.

The Political Hacker

Political activists are often seen in a positive light—and rightly so—but some activists use tactics that are decidedly negative in their nature. By deploying cyberattacks to sabotage and blackmail a company that they see as doing something wrong, a hacktivist often goes about doing good in a bad way. This kind of activity can be dangerous to your operations and to the cybercriminal alike, as law enforcement won’t take the motives behind a hacker’s deeds into account.

The Cryptocurrency-Seeking Hacker

The ongoing obsession many have with cryptocurrency right now has contributed to no shortage of attacks seeking to bring the attacker responsible an unfair leg up. While the concept of borrowing resources is not a new one—The SETI (Search for Extraterrestrial Intelligence) Institute, which is associated with NASA, once legitimately used a screen saver to borrow the CPU usage of the computers it was installed upon—cybercriminals now do a similar thing to help hash cryptocurrency for their own benefit.

With hardware costs rising and the intense utility demands that mining brings about, it is little surprise that such hackers will find a way to sidestep these demands for their own benefits.

The Gaming Hacker

While many may scoff at video games in general, it is important to keep in mind that the industry behind them is valued in the billions, with huge investments of both time and money put into the games it creates. Naturally, with such high stakes, it is only natural that some hackers set their sights upon it for their own gain. Such hackers will attack their fellow players to obtain in-game currency through theft or will even restrict their competition through denial-of-service attacks.

The Professional Hacker

A lot of gig work has been facilitated by the Internet and its capability to facilitate networking. In terms of cybercrime, this has allowed many people to act as a for-hire hacker, combining malware of their own creation with programs that they’ve found or stolen to offer their services to others. For a fee, these mercenaries will act on behalf of whomever pays, whether that’s a government seeking some separation from the deed or a business looking to sabotage their competition.

The Larcenous Hacker

Considering how much of life has been converted to digital, it should come as little surprise that crime has followed suit—after all, hacking someone is a lot less physically dangerous and potentially much more profitable than mugging them likely would be. As transactions have digitized, thefts and cons using ransomware and romance scams did as well to allow those less scrupulous to continue to profit from their actions.

The Business-Minded Hacker

Much like the professionals we discussed above, some hackers decide to turn their efforts specifically to the corporate world. By spying on documents and stealing data from one business, these hackers seek to sell this information to that business’ competitors for a healthy price. Fortunately, many businesses will report when a cybercriminal has approached them with such an offer, alerting the hacked business to the breach.

The Sovereign Hacker

At long last, we come to what many see as the biggest threat: the veritable militias composed of hackers that governments will assemble to actively interfere with and undermine the efforts put forth by other nations. These groups have been known to attack the political structure of opposing nations as well as the industries that these countries rely on, with the goal of having a leg up if hostilities were to arise between them.

The hack on Sony Pictures in retaliation for the satirical 2014 film The Interview was an example of an attack by a nation-state.

 What Does This All Go to Show?

Putting it bluntly, this list should demonstrate that any individual impression of what a hacker is will not be enough to ensure that a business is prepared to deal with a cyberattack. Fortunately, NuTech Services can help. With our team of professionals following a lengthy list of best practices and policies, we can ensure that you are ready to resist a cyberattack when it comes.

To learn more about what we can do to protect your business, reach out to us at 810.230.9455.

Network security is a crucial consideration for every contemporary business owner, as there are just too many threats that originate from an Internet connection to be overlooked. One only has to look at what businesses of all sizes have dealt with, even within this calendar year, to gain an appreciation for how crucial it is that every business owner consider their cybersecurity.

Here, we’ve assembled a few statistics and examples to illustrate just how serious the threat of cyberattack can be, hopefully inspiring you to prioritize your company’s network security. Consider these cybersecurity figures:

• In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
• Nearly 1-in-3 organization have experienced some sort of cyberattack in the past.
• Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
• 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
• 5.4 billion WannaCry attacks were blocked in 2017.
• The average monetary cost of a malware attack is $2.4 million.
• The average time cost of a malware is 50 days.
• Ransomware cost organization’s over $5 billion in 2017.
• 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
• Phone numbers are the most leaked information.
• 21 percent of files are completely unprotected.
• 41 percent of companies have over 1,000 sensitive files left unprotected.
• Ransomware is growing at 350 percent annually.
• IoT-based attacks are growing at about 500 percent per year.
• Ransomware attacks are expected to quadruple by 2020.
• 7.7 percent of web requests lead to malware.
• There were 54 percent more types of malware in 2017 than there were in 2016.
• The cybersecurity market will be worth over $1 trillion by 2025.

If that wasn’t convincing enough, what follows is just an assortment of the attacks that 2018 has seen (as of July). To simplify things, we’ve organized them by the intended targets: public (like individuals and government bodies) and private (such as businesses):

Public
January

• The Department of Homeland Security was affected by a data breach that exposed information about 247,167 current and former employees.

March

• Atlanta, Georgia was targeted by a ransomware attack called SamSam. This resulted in a massive problem for their municipal infrastructure. The ransom price given was $51,000, but Atlanta’s leadership refused to meet these demands. Overall, the numbers show that Atlanta has spent more than 10 times that number in the fallout of the attack. Some estimates place the actual cost of this event at nearly $20 million.
• India’s national ID database, Aadhaar, leaked data of over a billion people. This is one of the largest data breaches in history. A user could pay 500 rupees, equal to about $7, to get the login credentials that allowed anyone to enter a person’s 12-digit code for their personal information. For 300 rupees, or about $4.20, users could also access software that could print an ID card for anyone associated with the database.
• Cambridge Analytica, a data analytics company that U.S. President Donald Trump used to help his campaign, harvested personal information from over 50 million Facebook users without asking for their permission. Facebook hasn’t called this a data breach, but Cambridge Analytica has since been banned from using the service thanks to this event.

June

• A hack of a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials. This also exposed which police departments aren’t able to respond to an active shooter situation.

Private
January

• 280,000 Medicaid records were exposed when a hacker attacked the Oklahoma State University Center for Health Sciences. Among the information exposed were patient names, provider names, and full names for affected individuals.

February

• An unsecured server owned by Bongo International, a company acquired by FedEx, leaked over a hundred-thousand files of FedEx customers. Some of the information leaked included names, drivers’ licenses, national ID cards, voting cards, and utility bills.

March

• Orbitz, a travel booking site, fell victim to a security vulnerability that exposed 880,000 customers’ payment card information. There was also about two whole years of customer data stolen from their server.
• French news site L’Express left a database that wasn’t password-protected up for weeks, despite being warned about the security issues regarding this.
• 134,512 records regarding patients and financial records at the St. Peter’s Surgery and Endoscopy Center in Albany, NY were accessed by hackers.
• MyFitnessPal, an application used by Under Armor, exposed about 150 million people’s personal information to threats.
• The WannaCry ransomware claimed another victim in Boeing, which stated that “a few machines” were protected by Microsoft’s 2017 patch.

May

• Thanks to Twitter storing user passwords in a plaintext file that may have been exposed by internal company staff, the social media titan had to force hundreds of millions of users to change their password.
• An unauthenticated API found on T-Mobile’s website exposed the personal information of all their customers simply through the use of their cell phone number. The following information was made available: full name, address, account numbers, and tax IDs.
• A bug found in Atlassian development software titles Jira and Confluence paved the way for hackers to sneak into IT infrastructure of several companies and one U.S. government agency.
• Rail Europe, a popular server used by American travelers to acquire rail tickets, experienced a three-month data breach that exposed credit card information to hackers.

June

• A marketing company named Exactis had 340 million records stolen from it, but what’s most shocking about this is that they had accumulated information about nearly every American out there. In response to the breach, there was a class action lawsuit made against the company.
• Adidas’s website was hacked, resulting in a loss of a few million users’ personal and credit card information.
• A hacker collective called Magecart initiated a campaign to skim at least 800 e-commerce sites, including Ticketmaster, for sensitive information.

Clearly, if these lists are any indication, companies of all sizes need to commit to maintaining their network security, holding it to a higher standard. For assistance in doing so, you can rely on the professionals at NuTech Services. We can design and implement security solutions to protect you from threats like these, and others that may rear their ugly heads. Give us a call at 810.230.9455 to get started.