What Cybercriminals do to Make Money is Based on an Analysis of What Works


What Cybercriminals do to Make Money is Based on an Analysis of What Works- What cybercriminals do to make money is based on what has worked in the past. Hackers experiment with many sorts of cybercrime in order to figure out which ones are the most profitable.

Extortion is the most common method used by hackers to monetize their stolen data. For years, extortion has been a successful form of cybercrime. Apart from extortion, hackers can gain money in a variety of ways. Many of these strategies are examined and explained.

Some people hack for fun, but the major goal of malevolent hacking is to make money. Any hacker with the correct abilities can make money.

Cybercriminals sell credit card data to make money

The easiest and most popular way for hackers to make money is by stealing your credit card information. Credit cards are widely used on the internet for purchases, memberships, and money transfers, among other things. Credit card information is obtained via hacking databases containing saved credit card information or intercepting data while a transaction is in progress.

Over 300,000 British Airways customers were affected by one high-profile incident. Magecart, a malicious JavaScript line, was utilised in this attack. When the Magecart script is integrated in payment sites, it allows hackers to steal credit card information. The Magecart script was an example of an attack in which the hackers did not need to penetrate databases and instead utilised a script to steal credit card information during a transaction.

Cybercriminals sell personal data on the dark web to make money

On the dark web, some hackers gain money by selling important information. Compromising secret business databases is difficult, but it may also be rewarding. To gain access to hundreds of millions of records containing personal information, hackers must first breach the various protection layers. This information is frequently sold on the dark web or to individual customers who want to exploit it for identity theft.

Personal information and private credentials taken from hacked databases are sold on the dark web. Personal information is a valuable commodity that can be sold for millions of dollars. Those who purchase the information will almost certainly use it to steal identities. Many hackers go for huge businesses and corporations, while others go after any company with weak protection.

In 2018, the Marriott hotel chain was hacked. In 2020, it was hacked once more. Do we hold the IT department responsible for such an attack, or do we hold the hackers responsible? The hackers are to blame, but the IT department is also to blame for not properly securing the data.

Senior hackers have been known to sell credentials to novice hackers and other fraudsters who conduct phishing attacks. These parties aim to send malware-spreading emails. It’s possible that the infection is crypto-mining software, adware, or even ransomware. Each of these types of malware has the potential to generate revenue for the hacker.

Cybercriminals use Botnets to make money

Botnets are frequently in the headlines. The man suspected of being behind the Mega-D botnet was arrested last month, according to a recent news piece. Another news storey describes the WikiLeaks organization’s enraged followers. As part of Operation Payback, they have freely authorised the computers to be used in the LOIC (Low Orbit Ion Cannon).

The majority of botnets are used to aid illegal activity, with the primary goal of the hackers in command being to gain money. Botnets, according to Martin Lee, a senior software engineer at Symantec Hosted Services, are a network of computers that have been infected with malware and are controlled by a single person.

When botnet malware infects your computer, it falls under the control of whoever created the software. The computer contacts the control and command server after being infected. The person in charge of the botnet can then give whatever commands they want. The command could be to send emails to specific or several email accounts, connect to other PCs on the network, or install extra software to keep the infection undetected for as long as feasible.

So, once a botnet has been formed, what is the following step for cybercriminals? How do hackers profit from botnets?

Cybercriminals make money with botnets by sending spam

Botnets can be used in a variety of ways by hackers to gain money. One of the most prevalent ways for hackers to make money is through sending spam. People have become more cyber-aware, resulting in a low spam email click rate. Despite this, spam campaigns continue to generate millions of dollars in revenue for hackers. These spam operations frequently promote medications. According to a study on pharmaceutical spam, the majority of the products are counterfeit or have the incorrect dosage.

Despite the low response rate of spam, the volume of spam sent by a botnet can make up for it. There is a steady profit created when millions of spam emails are sent.

Hackers have discovered that shortening URLs increases the number of individuals who open their messages. Hackers have altered their methods to allow them to whitewash or launder the real URL in the email.

A breakdown

A spammer’s emails will be delivered in the vast majority of cases. Only a small percentage of those delivered are opened by the intended victims. Even if they open the emails, just a small percentage of them will click on the links. Only a small percentage of individuals who click the link will purchase the advertised goods.

Only a tiny percentage of the emails sent will be successful. Hackers, on the other hand, spend very little money to send millions of spam emails. As a result, spamming remains a profitable source of income for hackers.

Cybercriminals steal money from bank accounts

Hackers are targeting financial organisations in an attempt to get through the best-in-class security systems. Malware can be used by hackers to steal money from online bank accounts. An unwitting user could be using an infected computer. The hacker waits until the user connects to a bank’s internet service before taking control or stealing the essential credentials. The software allows the victim to log into their accounts, authenticate themselves, and then take control of the connection. The malware then injects money transfer commands into the system, masking the transactions so the victim is unaware of their true balance.

You can’t trust what’s on your screen if you have malware on your computer. The hacker has complete control over what you view.

Cybercriminals make money by using denial of service (DOS) attacks to ask for Ransom

Another way hackers generate money is through the protection racket, which is a new variation on an old practise. The trick is to find a company that does most of its business online and then shuts down their website until they pay the money they owe.

If the victim company does not pay the desired money, the hacker can instruct the computers in their botnet to begin requesting pages from the victim’s website. Because botnets are automated attacks, they can send hundreds of thousands of requests every second, flooding the website or slowing it down to the point that clients and company employees couldn’t access it.

Extortion demands often range between $10,000 and $50,000, according to previous studies on such incidents. In this price range, victims are frequently more ready to pay the ransom rather than risk having their websites taken down and maybe losing additional money.

Stealing Intangible Goods

Some hackers gain money by stealing intangible things, despite the fact that only a few incidents have been documented. A hacker, for example, could gain access to one’s gaming account. The hacker can then sell the intangible items earned or gained by the player during the game.

People invested a lot of time and money in online games. As a result, hackers have created Trojans that have been tailored to steal passwords, which are then used to access online games and steal intangible items. A group of hackers in Asia who specialise in selling intangible products recently made at least $140,000.

Holding Information for Ransom

Hackers make money by holding information on a victim’s computer for ransom, which is a variation on the extortion approach. Data is encrypted on the victim’s hard disc and rendered inaccessible with the use of malware. The botnet’s operator then requests payment in order to decrypt the disc. This is a rarely used strategy, however it is one way for hackers to gain money.

Cybercriminals make money through online marketplaces

Abusing internet marketplaces is a lucrative business for some cybercriminals. Purchasing from the convenience of your own home or workplace is quick, making online marketplaces like Flipkart, Amazon, Jumia, and eBay a preferred means of shopping around the world. However, these online venues typically demand a variety of important credentials, which fraudsters can readily acquire and exploit for a variety of crimes.

Fraud has increased in online markets, giving thieves plenty of opportunities to strike. Cybercriminals utilise a variety of techniques to take advantage of online marketplaces, including:

  • Using stolen credit card information to purchase high-priced items and other indulgences.
  • Impersonation — impersonating legitimate sellers is another way for cybercriminals to generate money. They then sell products that are either false or non-existent. Customers have complained about receiving products they never ordered or counterfeit items instead of what they ordered in multiple instances. Such cybercriminals want to persuade a group of people to buy their bogus items, then disappear with the money without providing any service or delivering the goods.
  • Money laundering – Online marketplaces are frequently used by cybercriminals to launder money. They construct buyer and seller accounts with stolen or forged credentials. The fictitious buyer then buys things at inflated prices from the fraudulent seller accounts. The transactions can be used to deceive the IRS into believing that someone obtained money legally.

Cybercriminals make money through cryptocurrencies

Botnets and “crypto-jacking” are used by cybercriminals to mine digital money at the expense of victims who are unaware that they are participating in the mining process. The popularity of bitcoin, as well as the launch of 1500 other digital coins or tokens, has increased attack surfaces in the cryptocurrency hotbed, attracting more crooks to take advantage of the weak connections. Digital currencies have become mainstream assets in the last two years as more financial institutions and enterprises adopt the underlying blockchain technology.

Every week, new “alt-coins” are produced, and fraudsters have devised unique and intricate methods to profit financially from these releases. Mining fraud, initial coin offering (ICO) frauds, crypto-jacking, and account takeovers are all on the rise.

Crypto-jacking is a type of cybercrime in which hackers use malware to take control of a victim’s browser and then use the victim’s computer to mine digital currency without their knowledge.

Money Money Money

Other than the methods we’ve discussed, hackers can make extra money in a variety of ways. There are hacking gangs, for example, that are hired by governments to commit crimes on their behalf. Others get money as unidentified penetration testers. As long as there is money to be made, hackers will continue to hack.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.