When it comes to scamming consumers and businesses, the most effective strategies aren’t necessarily the most complex.
Hackers seeking funds, data, and access to corporate systems don’t need advanced techniques when tried-and-true tactics consistently work on their victims. There are two primary types of attacker motivations: opportunistic and targeted.
“The attacker does not care who the victim is,” says Rob Ragan, managing security associate at Bishop Fox, who uses the two categories to differentiate cybercrimes. “They want access to any and every device that can be compromised. This is a numbers game.”
Targeted attacks are different because the threat actor has a specific reason for wanting access to a particular device. While opportunistic attacks are often financially motivated, targeted threats aim to scam a particular person or access specific data.
Ragan says attacks are often platform-based and payload matters less than delivery method. “The payload may be ransomware, but the delivery mechanism can be anything from coercing a user to running an email attachment, to a worm that exploits unpatched systems,” he explains.
“Hacking a device takes technical acumen, and in some cases, access to the device,” says Michele Fincher, chief operating officer at Social-Engineer. Much of the time, the easiest route to device takeover is tricking the user.
Because it can be a “full-time job” to stay current on the latest threats, most users are not aware of the many ways their devices are at risk. Here’s a look at the easiest and most effective ways for cybercriminals to attack end-user devices.
Source: Kelly Sheridan – Dark Reading