People are using the term ‘cybercrime’ more and more, but what exactly are cybercriminals?
This article explains who cybercriminals are, what drives them and how they access, infect, steal and extort – often without knowledge or consent.
Malicious attackers are a varied group. The hooded figure at a laptop stock image that appears on so many articles about cybercrime can be misleading: they’re not just young, male, individuals.
In this list of notorious cybercriminals, you will see old and young, men and women, from all over the world – driven by a range of motives. Perpetrators are also often part of a criminal group.
Cybercriminals want a number of different things, including:
Sometimes what the bad actor initially wants - passwords, personal data, customer information etc - is just part of a grander scheme.
While perpetrators and their activities are secretive, we do know that their motivations vary. Most bad guys want to steal your money, and they use a number of approaches to get it, including those at the bottom of this page.
From social engineering threats to ransomware, money is often the main aim. This may include access to a number of types of data, from credit card information and contact information to IP addresses, usernames and passwords.
Another aim of many cybercriminals is corporate espionage: stealing information, data or ideas. It may be that the data itself is valuable or that the breach damages a business’ reputation.
Political hackers, or ‘hacktivists’ – such as the loose grouping known as Anonymous – put their skills to work exposing or attacking establishment bodies such as governments, financial institutions and other entities they see as corrupt.
Larger corporations have more financial resources to invest in defense. Malicious attackers are well aware of this. So, alongside attacks on enterprises, they also logically target more vulnerable links in the chain: small and medium businesses (SMBs).
The data that these small businesses process is often extremely valuable, both to the SMB and to the client they are supplying or partner with. Cybercriminals know this, too.
Anonymously, and from international bases, perpetrators produce programs and software designed to scour the web, hunting for those weak links, wherever they may be.
So, how do the cybercriminals get what they want? There are many ways to hack into a website or network - and it won’t always be obvious that an attack has happened - but the most common forms of attack to look out for include:
This is where a bad actor attempts to gain the confidence of an authorized user of your website or business systems and gets them to reveal information that will enable them to later compromise its security. They might reach out to your employees on social media in and out of working hours, or hang around a coffee shop near the office and strike up a leading conversation. Here are three examples of Social Engineering Attacks:
Malware such as Trojan Horses, Viruses, Worms and Spyware contain malicious code, sometimes hidden inside another apparently harmless looking program. When activated, they gain control of your computer and can delete or amend files, secretly capture your login details for other websites, or conduct other disruptive activities without you being aware.
SQL injection is where the cybercriminal adds Structured Query Language (SQL) code to a web form input box, which then gives them access to your resources or the ability to make changes to the data in your systems. This kind of malicious hack can go undetected and, in certain cases, seriously affect your search rankings.
People play as big a role in cybersecurity as antivirus software like Avast Business. That’s why, in the battle to defend your business against cybercriminals, it’s essential to:
The new Avast Cybersecurity Basics Training Quiz provides training on Data Security, Identity Management, and Social Media Security
How SMBs can effectively protect their networks from cyberthreats – without breaking their security budgets