How do hackers choose their victims?

Phishing, ransomware and theft personal data are very real threats, hanging like the swords of Damocles over the heads of computer and smartphone users. Why and how do hackers choose their victims? Here are some answers.

Whether for “ethical” reasons with variable geometry, politics, social justice or simply to extort money, we are all vulnerable to malware, fraudulent links and other cyberattacks. What motivates hackers and what are their means of action? And how can you effectively guard against these threats?

What motivates hackers

The main motivation for hackers is, unsurprisingly, money. And as revealed by a July 2021 investigation by the security intelligence firm KelaEurope is a prime target for cybercriminals, behind the United States, Canada and Australia.

Unfortunately for us, the threat is very real. It is in a way the price to pay for living in a rich country, in which are established very wealthy people and organizations that hackers see as potential victims.

Kela established the robot portrait of the ideal target: it is a company based in the United States achieving more than 100 million dollars in turnover. For “ethical” reasons, hackers avoid non-profit associations. But also the fields of education, health and the public sector.

In France, companies are a priority target for cybercriminals. The latest evidence: La Poste Mobile, hacked by hackers, with a high risk of phishing and identity theft for customers affected by the leak of personal data.

Moreover, if there are countries favored by hackers, others are “ethically untouchable”. Thus, members of the Russian hacker group Lockbit have designed their malware not to infect computers located in Russia or Russian-speaking countries.

Sometimes attacks are enabled by one of the biggest cybersecurity threats to organizations: employees. The latter sometimes have access to critical elements allowing to open the way to hackers, and do so inadvertently. Sometimes also, out of revenge.

Many hackers have very different motivations, more oriented towards (geo)politics and social justice. One thinks of the Anonymous collective, very active in the Russia-Ukraine cyberwar. At the end of May, its members declared cyberwar on Killnet, a pro-Russian hacker group, in response to the latter’s repeated DDoS attacks against NATO members.

The different means of hacker attack

The most common means of attack is obviously Phishing, or phishing. It consists of sending e-mails or SMS with a fraudulent link or a “trapped” attachment. Clicking on one of these elements triggers the activation of malware that opens up access to your network to hackers.

These can then penetrate the system of your home or your business, and they are free to do what they want, such as locking your computer (or your smartphone) and its contents against a ransom. Or even steal your confidential data to resell them, or seize your bank details.

Another common means of attack is to exploit vulnerabilities and other security flaws in popular software. This is often the case with a 0-day flaw, a security vulnerability detected and exploited by hackers before the software developers can even notice it.

And they are becoming more democratic, since they allow hackers to access your networks without having to collect your identification data beforehand. Thus, at the beginning of July 2022, the Mountain View company discovered a zero-day flaw in Google Chrome and called on its users to update their favorite internet browser as soon as possible.

On mobile, we can also find ourselves confronted with these attacks, in particular with Fleeceware, malicious software intended to siphon your bank account. And lately, the Joker malware has spread through 4 applications to be removed from your smartphone as soon as possible.

More technically, hackers can also enter your system via the remote desktop protocol (RDP), as a network administrator would do to manage a computer park. To do this, they use port 3389 of a machine connected to the Internet, whose role is to allow file sharing between Windows computers.

When access is open, hackers only have to force the password. Unfortunately, this is only a formality. First, because the most popular password in France is “doudou”, if we ignore the usual “123456” and “azerty”. And second, the majority of compromised passwords meet regulatory requirements…

So, the result is the same as with a 0-day flaw: your system and the data it contains are at the mercy of the cybercriminal who has taken control of your machine. It can lock your computer and demand a ransom. But also steal your personal data to resell them on the Dark Web or exploit them for malicious purposes.

How to protect yourself from cyberattacks

According to Alexander Vukcevic, director of Avira’s antivirus lab, there is a cybercrime industry today. And especially around ransomware attacks. Indeed, by breaking into systems and demanding ransoms to unlock them, hackers can quickly pocket millions of euros from companies and individuals.

He nevertheless recalls that the company specializing in computer security has a team of experts who work on this subject on an ongoing basis in order to offer their users the best possible protection against ransomware. But also against all other types of malware.

It also delivers some good practices to put in place in order to avoid suffering from an attack. First, keep all its software and applications up to date by installing their latest available version as soon as possible. Then, he obviously advises to use an up-to-date antivirus on his devices. And in this area, Avira Free antivirus, remains an essential reference with real-time protection against ransomware, spyware and other malware. But above all, it is worth pointing out that the protection device of Avira’s free antivirus has a minimal impact on the performance of the machine.

Finally, he recommends making regular backups on external hard drives. So, after an attack, all you have to do is reboot your system and regain control of your machine, without loss. He also reminds us to report the incident to the competent authorities, because it is a “crime” which he describes as serious.

For businesses, it is recommended that employees be made aware of cybersecurity, in order to enable them to identify fraudulent messages, whether they come from outside or circulate internally. But also to invest in the monitoring of potential vulnerabilities of systems and networks, in order to protect the organization’s infrastructure.