Technology has improved the way people live, shop, transact, and make decisions. However, it has increased exposure to innumerable risks that have severe financial and social implications. The article “They’re attacking you: learn the three types of hackers’ was written by Jonathan Nichols and explores the three main types of hackers that attack organizations and their clients, and the factors that motivate them to launch attacks. The author lists the three types of hackers as “carders,” “advanced persistent threats” (APTs), and “hacktivists.” Their motivations are money, governments, and ideas respectively.
Carders
The author establishes that carders specialize in moving money from the accounts of organizations and clients into theirs using card-reading devices (“skimmers”) that transfer data from clients’ credit cards to their databases. The use of skimmers is hard to recognize because some gadgets are so small that they can be used without being noticed. Advanced and more qualified scammers use touch-sensitive pads on points of service to capture the PINs associated with cards used to conduct transactions. Others use Remote Access Trojans (RATs) to attack point of service machines and steal entire databases containing private information belonging to customers. Scammers sell the data and cards, and also use the stolen information to manufacture new cards by cloning it onto blank credit cards that are then sold to individuals who use them to shop online.
ATPs
ATPs target the governments that hire them and exploit vulnerabilities in the computer systems and resources provided by their employers. It is difficult to identify the origin of ATP attacks and, as a result, they are highly destructive. Attackers use the resources provided by governments to find vulnerabilities in the systems of victims. The attacks are lethal and can lead to the demise of organizations, loss of clients, and destruction of ideas. The only solution that can mitigate the problem of ATP attacks is the reduction of platforms that attackers can invade. Organizations need to make the hackers’ targets smaller in order to reduce the risk of attack. For example, access to sensitive business data should be restricted to a limited number of individuals through the implementation of user access management policies. In addition, they can implement stringent security protocols and limit the entry of junk into organizational networks. ATP attacks can have serious financial ramifications if not prevented. Frequent system patching, rigorous training on security protocols and restricting access to data are effective strategies that can prevent ATP attacks.
Hacktivists
This group of hackers is motivated by political change and works for a wide range of employers including individuals and governments. “Anonymous” is the most famous group of hacktivists that conducts operations aimed at bringing political change. Hacktivists use a wide range of tools and techniques to conduct their operations. These tools include defacements, Distributed Denial of Service attacks (DDoS), and Structured Query Language injections (SQLi). A DDoS attack involves jamming a company’s system with traffic so that clients cannot locate its website or server. These attacks can be avoided by implementing cloud-based solutions and load distribution. Defacements involve getting unauthorized access to a company’s website and using it to send messages that tarnish the organization’s image. Defacements are avoided by updating servers regularly and implementing stringent user access policies and security protocols. Finally, SQLi exploit weaknesses in the protocols that servers use to allow individual access to databases. Organizations should make security the most important aspect of their business operations.