Cybercriminals: Who are they and what do they do?

Katie Chadd 19 Sep 2018

People are using the term ‘cybercrime’ more and more, but what exactly are cybercriminals?

This article explains who cybercriminals are, what drives them and how they access, infect, steal and extort – often without knowledge or consent.

Who are they?

Malicious attackers are a varied group. The hooded figure at a laptop stock image that appears on so many articles about cybercrime can be misleading: they’re not just young, male, individuals.

In this list of notorious cybercriminals, you will see old and young, men and women, from all over the world – driven by a range of motives. Perpetrators are also often part of a criminal group.

Malicious Attackers

What do cybercriminals want?

Cybercriminals want a number of different things, including:

  • Money (extorting or transferring money from accounts)
  • Power/influence
  • Financial information
  • Personal profiling data (passwords, etc)
  • Corporate data
  • Sensitive information (government institutions, personal data from public/private companies)
  • Information relating to new product research and development
  • Access to systems (to create ‘zombies’) 
  • To place software on your machine (adware, spyware.)

Sometimes what the bad actor initially wants - passwords, personal data, customer information etc - is just part of a grander scheme. 

Why do they want it?

While perpetrators and their activities are secretive, we do know that their motivations vary. Most bad guys want to steal your money, and they use a number of approaches to get it, including those at the bottom of this page. 

From social engineering threats to ransomware, money is often the main aim. This may include access to a number of types of data, from credit card information and contact information to IP addresses, usernames and passwords.

Another aim of many cybercriminals is corporate espionage: stealing information, data or ideas. It may be that the data itself is valuable or that the breach damages a business’ reputation.

Political hackers, or ‘hacktivists’ – such as the loose grouping known as Anonymous – put their skills to work exposing or attacking establishment bodies such as governments, financial institutions and other entities they see as corrupt.

Timeline of Anonymous activities

Who do cybercriminals target?

Larger corporations have more financial resources to invest in defense. Malicious attackers are well aware of this. So, alongside attacks on enterprises, they also logically target more vulnerable links in the chain: small and medium businesses (SMBs). 

The data that these small businesses process is often extremely valuable, both to the SMB and to the client they are supplying or partner with. Cybercriminals know this, too. 

Anonymously, and from international bases, perpetrators produce programs and software designed to scour the web, hunting for those weak links, wherever they may be.

Types of cybercriminal attacks

So, how do the cybercriminals get what they want? There are many ways to hack into a website or network - and it won’t always be obvious that an attack has happened - but the most common forms of attack to look out for include:

Cross-Site Script and Request Forgeries

  • Cross-Site Script (XSS): This enables bad actors to inject malicious code into legitimate web pages. It can then be used by the attackers to compromise the machines of users that access the compromised page, or bypass access controls, to carry out fraudulent transactions.
  • Cross-Site Request Forgery (CSRF): This is where an attacker takes on the credentials (e.g. IP address, browser information, cookies) of a user when they access a website and perform malicious actions without being identified.

Social Engineering attacks

This is where a bad actor attempts to gain the confidence of an authorized user of your website or business systems and gets them to reveal information that will enable them to later compromise its security. They might reach out to your employees on social media in and out of working hours, or hang around a coffee shop near the office and strike up a leading conversation. Here are three examples of Social Engineering Attacks:

  • Phishing: cybercriminals will send you an official-looking email purporting to be from one of the sites or apps you might use e.g. PayPal. In the email they will ask you to click on a link or reply to it with a certain piece of sensitive information. These emails are usually sent out in large quantities, targeting as many people as possible.
  • Spear phishing: Spear phishing is similar to phishing in that an email is used to lure people into surrendering information or clicking a link. However, rather than sending these emails to as many people as possible, they are extremely targeted. The email may appear to come from someone you know - for example an employee who occupies a position of high authority or someone from a larger business you work with - and the bad actor will have spent time researching how to write the email in a way that will fool you. 
  • Drive-by downloads: this is where a person visits a web page and a piece of malware is downloaded without their knowledge or them even clicking anything. That malware may then allow other types of hacking to take place.


Malware such as Trojan Horses, Viruses, Worms and Spyware contain malicious code, sometimes hidden inside another apparently harmless looking program. When activated, they gain control of your computer and can delete or amend files, secretly capture your login details for other websites, or conduct other disruptive activities without you being aware. 

  • Ransomware: This is where a bad actor uses malware to infect a network and block access to all or specific files. They then request a payment in exchange for the safe return of the files. If a ransom is not paid (or even when it is!) the data remains stolen or is permanently destroyed.

SQL injection

SQL injection is where the cybercriminal adds Structured Query Language (SQL) code to a web form input box, which then gives them access to your resources or the ability to make changes to the data in your systems. This kind of malicious hack can go undetected and, in certain cases, seriously affect your search rankings.

How do I stop cybercriminals from damaging my business?

People play as big a role in cybersecurity as antivirus software like Avast Business. That’s why, in the battle to defend your business against cybercriminals, it’s essential to:

    • Invest in cybersecurity software for your business to immediately and comprehensively protect your business from a range of security threats
    • Train your employees to stop bad actors from gaining access to social security data, online accounts, bank accounts or other sensitive data, so that they don’t put your business at risk from attack.

How can I protect myself from cybercriminals?

  • Never divulge your sensitive personal information 
  • Learn how to recognize Phishing and other scams 
  • Have a plan ready to go in the event your identity is stolen
  • Always download the latest security updates for your PC and other devices
  • Use strong passwords and password management software 
  • Install reliable anti-virus and anti-malware software like Avast One.
  • Prevent your devices from being accessed without authorization 
  • Secure your business or home network with appropriate encryption 
  • Educate cohabitants on the importance of good personal cybersecurity habits
  • Make backups of all important data on a regular basis
Updated on April 19, 2022 with new updates and information
--> -->