This article covers ways in which cyber criminals profit from their cyber crimes. Often we might think our data, if it is not financial, is not interesting or profitable to hackers, so this article discusses the different types of data that are stolen and why.
Financial data is the main data type that we all think of when considering why a hacker might steal information. Financial data can be sold to various individuals for different purposes. It is not uncommon for thousands of records to be sold within 24 hours, making this a lucrative endeavour for the attacker and market owner. More about this can be read in this blog by a reformed black hat hacker: Cybercriminals, Debit Cards, Credit Cards, and Underground Markets
Personal data is relatively easy to steal and will be information such as names, addresses, phone numbers, email addresses and national insurance numbers. They can use this information to create fake identities or commit identity theft, which can then allow them to access bank accounts, credit cards and other financial resources. This is why hackers find school MIS data attractive. WH Smith Recent Cyber Attack is a recent personal data attack. The NCSC have written a paper about the cyber threat to Universities: https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities
Intellectual property is when hackers steal such things as patents, trademarks, copyrights and trade secrets. They can sell this information to competitors or use it to create their products. This often happens between governments. MI5 report a new body has been created to help the UK combat national security threats. - See more at: https://www.mi5.gov.uk/news/new-body-will-help-the-uk-combat-national-security-threats#sthash.hgLZxMI8.dpuf
Ransomware is when hackers encrypt data on a victim's computer and demand payment in exchange for the decryption key. This can be especially lucrative for hackers who target businesses or organisations that rely on their data to operate, such as schools. See our previous article about schools that have been targeted in this way recently: VICE SOCIETY - Ransomware attacks on schools.
Health data is stolen such as medical records or insurance information. This information is used to commit identity theft or insurance fraud. NHS Ransomware Attack.
Hackers profit from the data they steal in various ways, including:
-
Selling the data on the dark web: The data can be sold to other cybercriminals who can use it for their nefarious purposes.
-
Using the data themselves: Hackers can use the data to access accounts, commit identity theft, or create fake identities to commit further fraud.
-
Ransomware payments: If the hacker uses ransomware, they can demand a ransom payment in exchange for the decryption key.
-
Blackmail or extortion: In some cases, hackers may threaten to release sensitive information unless the victim pays a ransom or takes some other action.
In conclusion, hackers steal a variety of data from their victims, and they profit from this data in different ways, depending on the type of information stolen and the hacker's goals. To protect against these threats, it is essential to take cybersecurity seriously and implement appropriate security measures.
Visit our Info/Cyber Security Best Practice Area for help, guidance and support for cyber cyber security and data protection.
This website lists all the cyber crime statistics for the UK: https://proprivacy.com/blog/latest-uk-cybersecurity-cybercrime-statistics-2020-2022
What to do in an attack:
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Isolate the infected device and pass to IT
Always ensure there are backups you can restore from.
Remember – ‘Hackers don’t break in they login’!