Cybersecurity For Dummies. Joseph Steinberg
Чтение книги онлайн.

Читать онлайн книгу Cybersecurity For Dummies - Joseph Steinberg страница 25

СКАЧАТЬ terrorist operations (see the earlier section on criminals)

       Build credibility and invigorate supporters by demonstrating cyberattack prowess.

      Rogue insiders

      Disgruntled employees, rogue contractors, and employees who have been financially incentivized by an unscrupulous party pose serious threats to businesses and their employees alike.

      

Insiders intent on stealing data or inflicting harm are normally considered to be the most dangerous group of cyberattackers. They typically know far more than do any outsiders about what data and computer systems a company possesses, where those systems are located, how they are protected, and other information pertinent to the target systems and their potential vulnerabilities. Rogue insiders may target a businesses for one or more reasons:

       They may seek to disrupt operations in order to lighten their own personal workloads or to help a competitor.

       They may seek revenge for not receiving a promotion or bonus.

       They may want to make another employee, or team of employees, look bad.

       They may want to cause their employer financial harm.

       They may plan on leaving and want to steal data that will be valuable in their next job or in their future endeavors.

      Cyberattackers are typically grouped based on their goals:

       Black hat hackers have evil intent and hack in order to steal, manipulate, and/or destroy. When typical people think of a hacker, they are thinking of a black hat hacker.

       White hat hackers are ethical hackers who hack in order to test, repair, and enhance the security of systems and networks. These folks are typically computer security experts who specialize in penetration testing, and who are hired by businesses and governments to find vulnerabilities in their IT systems. Hackers are considered to be white hat hackers only if they have explicit permission to hack from the owner of the systems that they are hacking.

       Grey hat hackers are hackers who do not have the malicious intent of black hat hackers, but who, at least at times, act unethically or otherwise violate anti-hacking laws. Hackers who attempt to find vulnerabilities in a system without the permission of the system’s owner and who report their findings to the owner without inflicting any damage to any systems that they scan are acting as grey hat hackers. Grey hat hackers sometimes act as such to make money. For example, when they report vulnerabilities to system owners, they may offer to fix the problems if the owner pays them some consulting fees. Some of the hackers who many people consider to be black hat hackers are actually grey hats.

       Green hat hackers are novices who seek to become experts. Where green hats fall within the white-grey-black spectrum may evolve over time, as does their level of experience.

       Blue hat hackers are paid to test software for exploitable bugs before the software is released into the market.

      For the purposes of this book, black and gray hat hackers are the hackers that should primarily concern you as you seek to cyberprotect yourself and your loved ones.

      Many, but not all, cyberattackers seek to profit financially from their crimes. Cyberattackers can make money through cyberattacks in several ways:

       Direct financial fraud

       Indirect financial fraud

       Ransomware

       Cryptominers

      Direct financial fraud

      

Direct is not a black-and-white concept; there are many shades of grey.

      Indirect financial fraud

      Sophisticated cybercriminals often avoid cybercrimes that entail direct financial fraud because these schemes often deliver relatively small dollar amounts, can be undermined by the compromised parties even after the fact (for example, by reversing fraudulent transactions or invalidating an order for goods made with stolen information), and create relatively significant risks of getting caught. Instead, they may seek to obtain data that they can monetize for indirect fraud. Several examples of such crimes include

       Profiting off illegal trading of securities

       Stealing credit card, debit card, or other payment-related information

       Stealing goods

       Stealing data

      Profiting off illegal trading of securities

      Cybercriminals can make fortunes through illegal trading of securities, such as stocks, bonds, and options, in several ways:

       Pump and dump: Criminals hack a company and steal data, short the company’s stock, and then leak the company’s data online to cause the company’s stock price to drop, at which point they buy the stock (to cover the short sale) at a lower price than they previously sold it.

       Bogus press releases and social media posts: Criminals either buy or sell a company’s stock and then release a bogus press release or otherwise spread fake news about a company by hacking into the company’s marketing systems or social media accounts and issuing false bad or good news via the company’s official channels.

       Insider information: A criminal may seek to steal drafts of press releases from a public company’s PR department in order to see whether any surprising quarterly earnings announcements will occur. If the crook finds that a company is going to announce СКАЧАТЬ