
How Do Cybercriminals Pick Their Targets?

Chris Souza · May 20, 2020

Cybercrimes are becoming increasingly common. The damage caused by cybercrime amounted to over 3.5 billion U.S. dollars in 2019.

Cybercriminals take advantage of vulnerabilities in a business's systems and network, such as security bugs in software interfaces, hidden backdoor programs, and admin account privileges, to initiate a cyberattack.

Simply put, cybercriminals can target any business with a weak cybersecurity infrastructure and exploit its confidential information to launch malware and ransomware attacks. Sometimes the targets are regular non-technical people. At other times, Fortune 500 companies end up becoming victims of cyberattacks.

Earlier, cybercriminals relied on spray-and-pray methods, sending out mass hack attempts to see which ones stuck. These methods involve a completely random approach, where cybercriminals use widespread phishing campaigns and web-hosted malware delivery to attack as many people as possible. They are still in use, but now cybercriminals have started using targeted methods to select potential victims. Let's find out more.

How Do Cybercriminals Choose Their Targets?

Cybercriminals are using sneakier ways to commit cybercrimes. Let us take a look at various ways cybercriminals choose their targets.

1. Analyzing Eager Social Media Users

Businesses often hire employees who actively use social media and who may end up disregarding privacy rules. They can inadvertently divulge a lot of personal information on these platforms through their devices, whether personal devices used for work (BYOD) or the company's systems. As a result, they unintentionally make themselves a target for cybercriminals.

Cybercriminals use social media profiling to find out about an employee's interests and lifestyle. Through this tactic, they gather information such as names of family members, pets' names, places visited, general likes and dislikes, and more.

This information can help cybercriminals create a composite picture of employees, their lifestyle, and background. They can also craft targeted advertisements and phishing emails based on these intimate details. These advertisements and phishing emails can carry malware that infects the employee's system, compromising organizational security and resulting in critical data breaches.

Businesses can protect their employees from cybercriminals through the following steps:

  • Ask employees to verify claims of contact from people they have not met. Employees should also consider whether details included in an unsolicited email are details that they have made publicly available.

  • Encourage employees to share minimal information on social media. They should understand the boundaries between personal and public life.

  • Train employees to identify and report any suspicious phishing activity to the business's IT support or security department.

2. Finding Industries with Critical Data

Cybercriminals specifically target healthcare institutes, law firms, and financial institutions as these are the most data-rich sectors across the globe.

While the healthcare sector handles intimate details of patients, law firms manage critical data such as contracts, letters of intent, patents, and investigation results. As far as financial institutions are concerned, they work with critical client data such as credit card details, income, and loans. Cybercriminals use ransomware, Trojans, phishing, and smishing to steal all this sensitive data.

To protect the confidentiality, integrity, and availability of data, regulatory agencies consistently roll out IT cybersecurity compliance standards. Some of the major cybersecurity compliance standards include HIPAA, PCI DSS, GDPR, and CCPA.

Businesses can take the help of managed IT services providers to stay compliant and safeguard their critical data from cybercriminals.

3. Leveraging the Dark Web

The dark web is the layer of the internet that remains unindexed by search engines. In other words, content hosted on the dark web does not show up in Google search results.

The information exchanged on the dark web is encrypted and the exchange is done through anonymous IP addresses, which makes user identification difficult. The dark web hosts websites that let cybercriminals purchase stolen data while being anonymous. This stolen data can include critical information such as social security and credit card numbers.

Cybercriminals use a combination of social engineering and phishing techniques to steal credentials from a business. They then post these credentials for sale on the dark web. These credentials can include passwords, usernames, and personally identifiable information with full names and addresses. This data, in turn, can help cybercriminals commit crimes such as tax identity theft, medical identity theft, and financial identity theft.

Businesses need to proactively ensure that their credentials and personally identifiable information do not fall into the wrong hands. Here is how they can do it.

  • Businesses need to understand how social engineering and phishing scams work. They should ensure that their employees do not fall victim to online scams.

  • They should enable multi-factor authentication. It makes it harder for cybercriminals to access a network.

  • Businesses can also take the help of a reliable managed IT services provider to keep their data away from the dark web. Managed IT services providers offer cybersecurity services such as dark web monitoring to help businesses find out if their credentials are available on the dark web. They can further identify compromises, provide reports on compromised data, and develop effective policies and procedures to minimize risks. They can also analyze networks to identify and mitigate cyber threats instantly.
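
An added example (not part of the original article, and not any provider's tooling) of the triage step behind the dark web monitoring described above: given a leaked email:password list, it reports which of the organisation's accounts are exposed and which leaked passwords are still in use. The domain, the directory layout, the PBKDF2 storage scheme and all sample data are constructed assumptions.

```python
import hashlib
import hmac

ORG_DOMAIN = "example.com"  # assumption: the organisation's mail domain

def pw_hash(password, salt):
    # Assumption: the directory stores salted PBKDF2-SHA256 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

# Constructed directory: account -> (salt, hash of the CURRENT password).
DIRECTORY = {
    "alice@example.com": (b"salt-a", pw_hash("Winter2020!", b"salt-a")),
    "bob@example.com": (b"salt-b", pw_hash("a-newer-passphrase", b"salt-b")),
}

# Constructed sample of a leaked "email:password" list.
LEAK_SAMPLE = """\
alice@example.com:Winter2020!
ALICE@Example.com:Winter2020!
bob@example.com:hunter2
dave@example.com:pa:ss
carol@other.test:letmein
not-a-credential-line
"""

def parse_leak(text, domain):
    """Return de-duplicated (email, password) pairs that belong to `domain`."""
    suffix = "@" + domain.lower()
    pairs = []
    for line in text.splitlines():
        email, sep, password = line.strip().partition(":")  # passwords may contain ':'
        pair = (email.lower(), password)
        if sep and pair[0].endswith(suffix) and pair not in pairs:
            pairs.append(pair)
    return pairs

def triage(text, domain, directory):
    """Map each exposed account to the response it needs."""
    report = {}
    for email, password in parse_leak(text, domain):
        if email not in directory:
            status = "not-in-directory"  # e.g. a former employee or an alias
        else:
            salt, stored = directory[email]
            live = hmac.compare_digest(pw_hash(password, salt), stored)
            status = "reset-now" if live else "exposed-old-password"
        if report.get(email) != "reset-now":  # keep the most severe finding
            report[email] = status
    return report
```

Accounts marked reset-now have a leaked password that still works and need an immediate reset; the other two statuses still warrant review, since old passwords are often reused elsewhere.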

Wrap Up

Every business is a potential target for cybercriminals. Its key assets, such as money, financial information, and personal information of staff and customers, can be easily exploited. The above-mentioned details will provide you with an understanding of the common tactics used by cybercriminals to choose their targets. As a result, you will be better prepared for any potential attack on your business and able to work out the most effective ways to mitigate it.