Types of activity
There are four types of activities which cyber criminals are seeking to undertake :-
In these attacks, criminals are either looking to find specific information for a specific reason or are collecting information which will be useful for future attacks.
For example, emails and passwords collected from one cyber attack can be used later for “intercept” fraud or used to gain access to other services. Data is often shared on the dark web and used several years after it was first gathered.
In other cases, attackers are looking to find out data for personal interest (such as Gary McKinnon who hacked the US military claiming he was looking for proof of UFO cover-up) or for business reasons.
There have been several cases of Law Firms discovering “unexplained” devices inserted into PCs which have been found to have been collecting information from the network.
In these attacks, criminals are seeking to extract money from their target. There are two common frauds which most law firms see on a regular basis :-
- The “conveyancing intercept” is an example of a fraud where the criminals seek to divert funds during a conveyancing transaction. Often for this fraud the criminal has been silently monitoring emails for years to until they pick-up key words relating to a property transaction.
- The false “Invoice” scam where false instructions are sent to the finance team from a senior person.
There is also a growing theme of “Money by menaces” style fraud :-
- Firms are hit by an “encryption locker” (aka “ransom ware” and have to pay the perpetrator to regain access to the data. There have been several high-profile cases of firms paying the “ransom”.
- Members of staff receive targeted personal threats. Often this relates to information gathered elsewhere or threats of release of embarrassing pictures or information. They are coerced into assisting with the targeted crime.
- Disrupt Operations
Often hackers want to gain notoriety or cause disruption to businesses by bringing systems down. Sometimes these are individuals doing it for “fun” but often there are groups of people, known as “Hacktivists” who have a stated aim to cause disruption.
For example, there are teams of anti-capitalist activists trying to disrupt the stock market and banking systems.
These attacks are typically “denial of service” where the business can not operate due to their systems not being available or a general disruption to business caused by viruses or ransomware.
Sometimes hackers aim to cause embarrassment to their target. Often this a tactic used by the hacktivist campaign groups but equally is can fall into the “Money with Menaces” category.