Most cyber crime is now seen as financially motivated, with financial gain as the main reason for attacks. Attackers want money and they try to get it through various coercive means, such as phishing or ransomware. Social engineering will be employed to trick people into handing over money. In the case of ransomware, cyber criminals will encrypt (lock) their victim’s data and ask for a ransom in return for decrypting (unlocking) the information. In an evolved form of the attack, commonly referred to as extortionware, cyber criminals acquire sensitive information and threaten to release it to the public if a fee is not paid. Unfortunately, where emotions or fear runs high, many of these phishing or ransomware ploys tend to work, giving the attackers the money they wanted and perpetuating the cycle of crime.
As the world has become more technologically-centred, organised crime has followed. Cashing in on the ways of the modern world, organised crime groups have seen the opportunity to make considerable amounts of money through cyber crime. Taking part in criminal activity online is easier, faster, cheaper and less risky than how the criminals may have previously acquired money. It is also seen as more likely to be successful than previous organised crime endeavors. On a large scale, some groups operate as a normal business, hiring people to actively attack targets as their ‘job’.
While some financially motivated attacks are not targeted, groups can hire hackers from the dark web to hack a company or create malware for a specific purpose. Increasingly, smaller companies are falling victim to financially motivated cyber crime, with ransomware attacks sent to sole traders, charities and even hospitals or universities. It is also true that with the rise in people working digitally, these kinds of attacks are only likely to increase further.
It has been suggested that most cyber crime exploits the most common and well-known vulnerabilities. With this in mind, it is clear that there are many measures which organisations can take to protect themselves. Education and understanding of the threats at play is essential in combating the ever-increasing issue of cyber attacks. Reducing the human element through use of multi-factor authentication and automation of security systems will allow for security on a larger and more impactful scale.