Published On: Apr 03, 2018

The Cyber Criminal Process

When you think of cybercrime, you may think of a sophisticated hacker with futuristic equipment who targets giant corporations in order to gain access to massive amounts of data. However, cyber criminals are much more akin to your common petty thief—looking to gain easy access to unsecured data. More often than not, these are crimes of opportunity. In order to understand how to secure our data, we must understand the steps that these criminals take to “break in”.


Information Security is a field that is rapidly growing and improving. This makes it relatively tough for cyber criminals to target the tough shields that companies put up to protect their data. Craftier methods have been emerging, including phishing scams, email attachments, spoofing, and harmful links. While many physical and virtual defenses may be strong, oftentimes humans are the weak link in this equation. If their workstations are vulnerable and they click on the wrong thing, their information may become compromised.


Once a criminal has gained access to a computer, they will then investigate the specific security privileges the user has and how to use this to gain access to proprietary information. If the specific user does not have administrator privileges, the criminal will utilize the network connection to exploit other user accounts until they stumble across an account with escalated privileges. Sometimes, these criminals can scan the network to determine which machines have certain levels of access. When companies neglect important updates and patches, hackers can easily gain access to administrator-level machines. At this level, criminals can often bypass any security defenses that have been put into place on a network.


Once a criminal has gained access to a system, they make it their goal to maintain their access to the system. Oftentimes, these criminals will configure a tool so that they can remotely access the network. These may not trigger any sort of antivirus or malware detection, and the infiltration will be virtually unnoticeable. Once the criminal has made themselves comfortable, they will settle in to do what they originally intended—steal information. This data can be held for ransom, or, more often, sold in batches on the dark net market.


Once a criminal has been discovered, they will move quickly to cover their tracks. This is often when companies that have been compromised are at their most vulnerable. If a criminal is discovered, it is simple for them to wipe out the network in order to make themselves virtually untraceable. This can result in the loss of even more data and proprietary information for the victim. In order to mitigate the risk of these events happening, it is important for your business to have a plan. First, identify the information that is critical to the business, understand the risk and consequences of losing that data, and prioritize security spending. Without the data we protect, there is no business.

Protect your website investment from hackers.

Sign Up Now

Posted in Hosting on Apr 03, 2018