Understanding the Mind of a Cybercriminal

Inside the Mind of a Cybercriminal

Strengthen your business's security by addressing vulnerabilities. Learn how cybercriminals exploit gaps and compromise businesses, and discover proactive strategies to protect your company from data breaches and irreparable damage.

Daisy Dyson
Junior Content Executive
October 9, 2024

Defining Cybercrime

What do you imagine when you think of a cybercriminal?

Do you envision an erratic, reactive hacker, randomly targeting businesses from a dingy bedroom? Or perhaps the image that comes to mind plays into more cinematic adaptations of hackers: an edgy person, armoured with an assortment of gadgets, muttering “I’m in” after a few minutes of determined, and very poorly depicted, coding?

While it's fun to allow television and media to let our imaginations run wild, the reality of cybercrime is far more sinister, and closer to home, than most of us would like to believe.

The real world of cybercrime is highly organised and functional. It doesn’t comprise a few lone wolves erratically targeting corporations, but rather entire intricate systems of criminals operating together on the dark web to exploit businesses effectively.

To recognise just how real the threat of organised cybercrime is to you and your business, it is first important to recognise how these criminal networks operate, and the ways in which they exploit your business's vulnerabilities for personal gain.

The Compromise Funnel

The sophistication of today’s cybercriminal industry is unprecedented. To help those unfamiliar with the world of cybercrime understand exactly how this dark underbelly of the internet operates, we’ve created the compromise funnel.

The compromise funnel, in many ways, mirrors the typical sales funnel that ethical businesses follow. The top of the funnel, in both instances, revolves primarily around lead generation. The middle remains a point for lead validation and targeting, and towards the bottom, opportunity management.

However, the intentions of these two funnels and the methods enacted to achieve results couldn’t be more different.

Let’s break down how a targeted business works its way through the compromise funnel, and the steps taken by cybercriminals to reach that all-important return on investment through compromise.

The things we consider to be harmless, such as password re-use, are exactly what cybercriminals prey on and weaponise.

Top of the Compromise Funnel: Target Generation

The top of the funnel is where targets for cybercriminals are generated. Cybercriminals trick users into giving away personal information through a number of methods, such as mass phishing attacks, credential leaks, and indiscriminate, blanket-style attacks. Different criminal groups hold different preferences for attack vectors, and normally choose to specialise in one type. What these indiscriminate attacks lack in specificity, they make up for generously in leads.

These breached credentials, sourced from the victims of blanket-style phishing attacks, will then be on sale in criminal forums. Cybercriminals will advertise their specialisations (for example, WordPress database breaches or access to Office 365 user information) to aid other criminals in creating more personalised and intricate scams. The more personalised the scam, the more likely a return on investment for malicious hackers.

Passwords and credentials are often sold on the dark web as methods of target generation. While criminals may only have access to one set of user information, a victim’s Facebook login details for example, they bank on the likelihood of victims’ poor cybersecurity practices, such as the victim reusing the breached Facebook password for their Gmail account.

The things we overlook, such as password re-use, are exactly what cybercriminals prey on and weaponise.

Middle of the Compromise Funnel: Target Validation and Selection

The middle of the compromise funnel is all about using these breached credentials to try and gain access to a system. Cybercriminals achieve this by attempting to validate these breached credentials against other servers. If the target can be validated, malicious hackers then try to gain access to entire systems through those proven vulnerabilities or breached credentials.

Beyond this comes selection. After the targets have been validated, they are checked by cybercriminals against specific selection criteria. The established criteria differ based on the size of the criminal groups and the potential return on investment, and inform criminals on whether future, or more intelligent attacks, are worth going ahead with.

It’s possible your business could get to the middle of the compromise funnel and be rejected: perhaps you’re too small of a company, or a non-profit organisation. Hacks like these don’t guarantee a return on investment worth the effort and collaboration it would take criminals to successfully execute them.

Most businesses are not so fortunate, however, and fall into the bottom of the compromise funnel.

Bottom of the Compromise Funnel: Return on Investment

The bottom of the compromise funnel is where malicious hackers and cybercriminals can expect a return on investment.

The groups, having now infiltrated a network or system to gain access to sensitive data, execute the ransomware purchased from ransomware developers. They will also steal data and sensitive information to resell on the dark web, in turn generating more leads for the top of the compromise funnel and demonstrating the vicious and highly efficient cycle of cybercrime.

Four ways to fall into the funnel: weak password policies, email phishing, downloading malware, using insecure WiFi.

How do businesses end up in the compromise funnel?

No business wants to end up in the compromise funnel; however, it happens all too frequently. With over 6.5 million businesses in the UK, hackers are constantly seeking those with weaker cybersecurity to target and exploit. In 2023, Gov.UK reported that an astonishing 2.39 million of these businesses were victimised by some degree of cybercrime, and that there were approximately 49,000 instances of fraud as a result of cybercrime in the last 12 months (Source: Cybersecurity Breaches Survey, Gov.UK).

Most worryingly, it's completely feasible for any business to fall into the compromise funnel, even with good practice. The ways in which this can happen are often very simple and dangerously effortless to do.

What makes a business vulnerable?

  1. A company value or size big enough to be a worthwhile target.
  2. Believing your business is too small to be hacked and not taking preventative measures with your cybersecurity practices.
  3. Human error by an employee: for example, leaving servers exposed on the internet.
  4. Joining unsecured WiFi
  5. Weak password policies, i.e. not changing default passwords
  6. Clicking suspicious email links
  7. Downloading malware accidentally from a dodgy website

It’s also not uncommon to fall victim to somebody else’s mistake. Improper practice by third-party security systems is a huge source of exploitation for businesses.

Conclusion

The reality of cybercrime is far more sinister than we often believe. There are entire criminal networks in place to facilitate the enactment of cybercrimes, and funnel-style selection processes in place to identify, exploit, and compromise businesses for personal gain.

A lack of enforceable cybersecurity practices within a business makes it all too easy to become victimised by the compromise funnel.

Cybercriminals will weaponise employees’ uninformed cybersecurity practices to exploit both the user and business, rendering potentially critical levels of damage to a company’s reputation, profits, and customers.

It only takes one employee mishap for a cybercriminal gang to cause irreversible damage through data breaches and exploits. Maintain confidence in your business's cybersecurity posture through informed practices.

Be proactive about strengthening your cybersecurity posture.

Check out our CREST-Accredited pentesting services for more information.

© 2024 ONSECURITY TECHNOLOGY LIMITED (company registered in England and Wales. Registered number: 14184026 Registered office: Runway East, 101 Victoria Street, Bristol, England, BS1 6PU). All rights reserved.