Light Dark
March 31, 2016 By Lyndon Sutherland 2 min read
Threat Intelligence
X-Force

We are often asked what motivates cyberattacks — why attackers do what they do. Sometimes it’s obvious: If a data breach yields credit and debit card details that are then sold on the Dark Web, profit is quite clearly the motive. Then again, an obvious motivation such as money can be a smokescreen hiding a different, deeper motivation for an attack.

What’s the Motivation for Attackers?

The single greatest motivator for cyberattacks in today’s world is, arguably, profit. It comes as no surprise that cybercrime is estimated to become a $2.1 trillion problem by 2019 — and there’s no shortage of attackers who want a share of the pie.

Methods of attack that lead to monetary gain abound. Cybercriminals use financial malware such as Carbanak, Dyre, Dridex, Rovnix and Shifu to steal funds directly from victims’ bank accounts. Or they extort money from victims through ransomware such as Cryptolocker and Tesla. Another profit-motivated attack is extortion by distributed denial-of-service (DDoS) attacks, which has grown in popularity over the last few years.

Retailers, both online and physical, face a serious threat from profit-motivated attackers who are after user and financial transaction details. Such attacks can involve malware that targets point-of-sale (POS) systems.

It’s Not Always About Money

But profit isn’t always the motive for cybercrime. For example, a private company that develops technology for the military can be the target of industrial espionage. At risk is sensitive information that could have military, economic and political value to the attacker or to the attacker’s paying customer. In this case, attackers could be state-sponsored or a for-profit criminal group acting on behalf of a state or even corporate entity.

Organizations that run industrial control systems (ICS) — power companies, chemical companies, water systems and the like — could be the target of attackers motivated by sabotage. These cybercriminals in turn can be motivated by underlying political, patriotic or ideological beliefs.

Vanity, Revenge, Outrage and More

There are also more personal — or more vindictive — reasons to explain why attackers do what they do. Companies or individuals can be the target, and the consequences can range from annoying to downright dangerous.

Interested in emerging security threats? Read the latest IBM X-Force Research

 |  | 
Lyndon Sutherland
Senior Threat and Intelligence Analyst, IBM X-Force

More from Threat Intelligence
November 12, 2024

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

October 16, 2024

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

September 26, 2024

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature