Should people pay hackers who use ransomware

hacker

Everything about hacker attacks

What is a hacker attack?

Hacker attacks are activities that attempt to compromise digital devices such as computers, smartphones, tablets or even entire networks. And although a hacker attack does not always have malicious intent, nowadays hacker attacks and hackers are usually referred to as illegal activity by cybercriminals - motivated by financial gain, protests, gathering of information (espionage) or just for the fun of the challenge.

Many think that a hacker is either a young mastermind who taught himself to hack or a ruthless programmer who knows how to manipulate hardware and software so that they can be used in any way the developer intended. But this is a limited view that nowhere near covers the many reasons why someone becomes a hacker. (For an in-depth look at the world of hackers, see “Under the hoodie: why money, power and ego drive hackers to cybercrime” by Wendy Zamora.)

Hacker attacks are typically of a technical nature (such as creating malvertising, which lays down malware during a drive-by attack that does not require user interaction). But hackers can also use psychology to trick the user into clicking on a malicious attachment or revealing personal information. These tactics are known as social engineering.

"Hacker attacks have grown from teenage pranks to a multi-billion dollar growth market."

Indeed, it is correct to use hacking as an overarching umbrella term for the activity behind most, if not all, malware and malicious cyberattack activities on public, corporate and government computers. In addition to social engineering and malvertising, there are also the following common hacking techniques:
Botnets
Browser hijacks
Denial of service (DDoS) attacks
Ransomware
Rootkits
Trojans
Viruses
worms

As such, hacking attacks have grown from teen pranks to a billion dollar growth market with followers who have built a criminal infrastructure. This is where ready-to-use hacker attack tools are developed and sold to potential crooks (known as script kiddies) who have less technical skills. For an example, see Ransomware-as-a-Service.

In another example, Windows users are reportedly the target of a widespread attempt by cybercriminals to offer remote access to IT systems for as little as $ 10 through a darknet hacker store that theoretically allows attackers to steal information, systems to disrupt, use ransomware and much more. The systems offered for sale in the forum range from Windows XP to Windows 10. The store owners even give tips on how to go undetected those using illegal logins.

The history of the hacker attack (s)

The current form of the term goes back to the 1970s. 1980 was featured in an article in the magazine Psychology Today the term hacker used in the title "The Hacker Papers". The text dealt with the addictive nature of computer use.

1982 became the American science fiction film Tron in which a performer describes his intention to gain access to a company's computer system through a hacker attack. The following year the film came out WarGames in which the plot revolved around a teenager who infiltrates the North American Air and Space Defense Command (NORAD). Fiction gave the hackers an ominous reputation as a threat to national security.

"A gang of teenage hackers broke into computer systems all over the US and Canada."

It turned out that art preceded reality that same year when a gang of teenage hackers broke into computer systems in the United States and Canada, including systems at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank. Shortly thereafter, in an article, the Newsweek, with a cover photo of one of the young hackers, the term hacker was first used pejoratively in the mass media.

Congress then took action and passed a number of computer crime laws. After that, during the remainder of the 1980s, numerous hacking groups formed and published in America and other countries, which in turn attracted hacking fans who pursued various missions - some harmless, some less. There have been spectacular attacks and break-ins in government and corporate computers and more anti-hacker laws, as well as many notable arrests and convictions. All along, popular culture kept hacking and hacking in the public eye with a slew of films, books, and magazines devoted to this activity.

An extensive timeline of hacking history, including the emerging terrorist and government hacking attacks of modern times, is available here.

Types of Hacker Attacks / Hacker Types

In general, one can say that hackers try to break into computers and networks for one of the following four reasons.

  • The prospect of financial gain by stealing credit card numbers or defrauding banking systems.
  • In addition, a higher “street cred” and the polishing up of their image in the hacker subculture motivates some hackers if they leave their mark on websites and destroy something as evidence of their hack.
  • Then there is corporate espionage when a company's hackers want to steal information about a competitor's product or service in order to gain a market advantage.
  • And ultimately, entire nations carry out state-supported hacker attacks in order to gain access to secret information from companies and / or states, to destabilize the infrastructure of their opponent and to cause confusion in the affected country. (It is agreed that China and Russia have carried out such attacks, including one on Forbes.com. In addition, recent attacks on the Democratic National Committee (DNC) made big headlines, especially after Microsoft claims that hackers were working for the Attacks against the Democratic National Committee by hackers were found to have discovered previously undiscovered vulnerabilities in Microsoft's Windows operating system and Adobe Systems Flash software. There are also examples where the US government has been benevolent towards hacking.)

There is another category of cybercriminals: the hacker who is involved in a political or social cause. Such hacking activists, or "hacktivists", seek public attention on an issue by drawing unpleasant attention to the target, usually by disclosing sensitive information. You can find major hacktivist groups and some of their key actions on Anonymous, WikiLeaks, and LulzSec.

"In today's border area of ​​cybersecurity there is still a Wild West atmosphere, there are white hat hackers and black hat hackers."

We classify hackers in another way. Do you remember the old westerns? Good guys = white hats. Bad guys = black hats. In today's cybersecurity border area, there is still a Wild West atmosphere, there are white hat and black hat hackers and even a third category in between.

If a hacker knows a great deal about computer systems and software and uses this knowledge to undermine this technology, then a black hat hacker is acting to steal something valuable or have other malicious intentions. So it makes sense to assign the following four motivations to the black hats: theft, reputation, corporate espionage and hacker attack on the nation-state.

White hat hackers, on the other hand, strive to improve the security of an organization's security systems by finding sensitive vulnerabilities and subsequently preventing identity theft or other cybercrime before the black hats are aware of the vulnerabilities. Companies even hire their own white hat hackers to join their support team, a recent article in the online New York Times highlighted. Or companies outsource this white hat hacker's service and use service providers such as HackerOne, who checks software products for weaknesses and errors on a premium basis.

Last but not least, there is the group of gray hats. These hackers use your skills to break into unauthorized systems and networks (just like the black hats). But instead of causing criminal damage, you report your discovery to the affected owner and offer to eliminate the vulnerability for a small fee.

Latest updates on hacker attacks

Perspectives on the Russian hacker attacks
British law enforcement: an uphill battle against hackers
Bio hacking attacks

Hacker attacks on Android phones

Most of them associate hacker attacks with Windows computers, but the Android operating system is also a popular target for hackers.

A bit of history: Early hackers obsessively exploring low-tech methods to bypass the secure telecommunications networks (and the expensive long-distance calls of their day) were originally called phreaks - a combination of the words phone and freaks. . They were a defined subculture in the 1970s and their activities were called phreaking.

Nowadays the phreakers from the age of analog technology have evolved into hackers in a digital world with over two billion mobile devices. Cell phone hackers use various methods to gain access to a person's cell phone and intercept voicemails, phone calls, text messages, and even access the phone's microphone and camera, all without the user being given permission or even knowing about it.

"Cybercriminals could see the information stored on your phone, including personal and financial information."

Compared to iPhones, the market for Android phones is much more fragmented, so open source and irregularities in standards in software development make Android devices more prone to data corruption and data theft. A hacking attack on an Android device can have many dire consequences.

Cyber ​​criminals could see the data stored on your phone, including personal and financial information. Hackers can also pinpoint your location, force your phone to send high quality websites, or even distribute their hacked data (via an embedded malicious link) to other people on your contact list who click on the message because it supposedly came from you.

Of course, a legitimate law enforcement with an authorization can hack phones to make copies of text messages and emails or recordings of private conversations, or to track the suspect's movements. But black hat hackers could definitely harm you by accessing your bank account credentials, deleting data, or injecting numerous malicious programs.

Phone hackers have the advantage of employing many hacking techniques that are easy to adapt to Android devices. Phishing, targeting the crime of individuals or members of entire organizations and tricking them into disclosing sensitive information through social engineering, is a proven practice for criminals. In fact, since the address bar on a phone is much smaller than that on a PC, when phishing with a mobile internet browser, it's even easier to forge a seemingly trustworthy website with no minor anomalies (like deliberate typographical errors) like those on a desktop browser be seen. So you get a message from your bank asking you to log in and resolve an urgent problem, you click the convenient link provided, enter your credentials, and the hackers get you.

Trojan horse apps downloaded from insecure marketplaces are another intersecting hacking threat to Android devices. Major Android app stores (Google and Amazon) keep a close eye on third-party apps, but embedded malware can occasionally either come through from the trusted websites or, more often, from the more questionable websites. This is how adware, spyware, ransomware or other nasty malware gets onto your phone.

"Bluetooth hackers can access your phone if it appears on an unprotected Bluetooth network."

Other methods are even more complicated and don't require the user to click on a malicious link. Bluetooth hackers can access your phone if it appears on an unprotected Bluetooth network. It is even possible to impersonate a trusted network or cell phone tower to redirect text messages or logins. And if you leave your unlocked phone unattended in a public place, instead of simply stealing it, a hacker can clone the phone by copying the SIM card. It's like giving him your front door key.

Hacker attacks on Macs

If you think hacking is a Windows-only problem, dear Mac users, rest assured, you are not immune either.

For example, in 2017 Mac users were the target of a phishing attack, mostly in Europe. The hack was transmitted by a Trojan horse and was provided with a valid Apple developer certificate. His goal was to gain access to credentials by displaying a full-screen message that an important OS X update was waiting to be installed. If the hacker attack was successful, the attackers were given full access to all communications from the victim and they were able to trace all of the web browsing activity, even if it was an HTTPS connection with the lock symbol.

In addition to social engineering hacker attacks on Macs, occasional hardware defects can lead to vulnerabilities, as was the case with the so-called Meltdown and Specter vulnerabilities reported by The Guardian in early 2018. Apple responded by developing protective measures against the vulnerabilities, but recommended that customers only download software from trusted sources such as its iOS and Mac app stores to prevent hackers from exploiting the processor weaknesses.

Then there was the insidious Calisto, a variant of the Proton Mac malware that was free for two years before it was discovered in July 2018. Hidden in a fake Mac cybersecurity installer, Calisto was collecting usernames and passwords.

Hackers have therefore put together a wide range of tools, from viruses and malware to security holes, in order to cause damage to your Mac through a hacker attack. The Malwarebytes Labs team has compiled the latest reports on this here.

Hacker Attack Prevention

If your computer, tablet or phone is in the sights of a hacker, then surround your device with a ring-shaped protective wall.

Most importantly, download a reliable anti-malware product (or an app for your phone) that can detect and neutralize malware as well as block connections to malicious phishing websites. Of course, we recommend the multi-layered protection of Malwarebytes for Windows, Malwarebytes for Android, Malwarebytes for Mac, Malwarebytes for iOS, and Malwarebytes products for, regardless of whether you work with Windows, Android, a Mac, iPhone, or in a company network Companies.

"Be aware that no bank or online payment system will ever ask you for your login information, social security number, or credit card number in an email."

Also, only download phone apps from legitimate marketplaces that monitor themselves for malware, such as Google Play and Amazon Appstore. (Note that Apple guidelines only allow iPhone users to download from the App Store.) Even so, every time you download an app, be sure to check the ratings and customer reviews first. If the app is doing poorly on the reviews or has a small number of downloads, then it is best to avoid it.

Be aware that no bank or online payment system will ever ask you for your login information, social security number, or credit card number in an email.

Make sure that the operating system of your phone or computer is always up-to-date. And update the rest of the device software as well.

Avoid visiting unsafe websites and never download unchecked attachments or click links from unknown email senders.

These rules are part of basic hygiene and are always helpful. However, the "bad guys" are always looking for new ways to get into your system. If a hacker discovers one of your passwords that you use for multiple services, then they have apps that can breach your other accounts. So make your passwords long and complicated, and avoid using the same password for different accounts. Use a password manager instead. Because a single hacked email account can be a disaster for you.