How do hackers make money?

Whether it’s phishing, Trojan Horses or a DDoS attack, cyber crime is getting more and more complex and efficient

All of which is obviously concerning, but have you ever wondered how hackers actually make their money?

According to stats from Varonis, more than two-thirds (68%) of business leaders feel their cybersecurity risks are increasing. (Accenture), while just 5% of companies’ folders are properly protected, on average.

Figures also show that data breaches exposed 4.1 billion records in the first half of 2019 and almost three-quarters (71%) of breaches were financially motivated with a quarter (25%) motivated by espionage.

To date, the 2013 attack on Yahoo remains the biggest security breach in history, as hackers got their hands on the names, email addresses, phone numbers, birth dates, security questions and answers, and encrypted passwords associated with at least half a billion Yahoo accounts, about 8 million of which are thought to be from the UK.

It’s thought the hack was funded by another country in a ‘state-sponsored’ attack, but it’s not known which country was behind it, and it eventually compromised the data of 3 billion people!

How cyber crime pays

Hackers use all sorts of tricks, such as Trojan Horses, viruses, spam attacks, crawl bots and all kinds of malware to get their hands on sensitive data – and they can make thousands of pounds worth of profit with relatively little initial outlay.

This infographic below from Kaspersky, developers of internet security and antivirus software, tallies up out the victim’s losses and the criminal’s gain…

Infographic showing how cyber crime pays

Back to the Yahoo attack

So now you know how hackers can make money out of any kind of security breach you can see how getting the details of half-a-billion Yahoo email users could turn a profit.

The big worry about the Yahoo hack though is the length of time it took the internet giant to  acknowledge the attack – a lot of damage can be done in two years!

Professor Alan Woodward of the University of Surrey said of the hack: “It is really worrying that a breach from 2014 can have gone undetected for so long. It is also surprising the public statement took so long to appear.

He added:  “I would have thought most companies had learned by now that early disclosure is better, even if you have to revise and update as you learn more.”

And to put the whole hack into some sort of perspective, it goes way beyond other recent data breaches like MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).

Have you been a victim of the Yahoo hack? Or any other hack? Let us know…