Who Is Hacking Me? The Surprising Cybercriminal Profiles Behind the Screen


February 22, 2020

Cybercriminal activity is on the rise. According to Cybercrime Magazine, losses due to cybercrimes are estimated to reach $6 trillion by the end of 2021.  

When you think about a hacker’s profile, you may have a vision of a forty-something man living in his mother’s basement, carefully scanning information on multiple monitors at an outdated workstation while eating snacks and sipping a Big Gulp.  

The truth is that the profile of a cybercriminal may not be what you think. 

Cybercriminals Come from All Around the Globe 

From a lone wolf criminal to terrorist organizations, bad actors come in all shapes and sizes. The story of a teen hacking into governmental databases and launching missile attacks in the movie  “Wargames”  seemed both terrifying and unrealistic in the ‘80’s landscape, but our new reality is even more frightening.  

A dedicated cybercriminal organization might just be able to do that in today’s sophisticated cybercrime world. 

In 2013, New York was taken by surprise when a group of Iranian bad actors hacked into the Bowman Avenue Dam network in Rye Brook.  The concern wasn’t entirely what these hackers could have done with the information they received; after all, the dam is only fifteen feet wide and two and a half feet in height. The fear is that if this group of Iranian bad actors could breach the dam database, what other infrastructures can they hack? 

The Top Five Countries Behind Cyberattacks  

Iran is far from the most influential power in the cybersecurity game. Per Security Today, the top five countries engaging in cyber warfare are: 

  • China: Attacks from China account for over 27% of cybercrime. China tends to focus its activities on the United States. 
  • United States: Over 17% of cybercrime originates within the United States. The US is known for the sophistication of their attacks. 
  • Turkey: Not a name you would commonly associate with cybercrime, Turkey accounts for a surprising 10% of malicious attacks. This number is growing each year. 
  • Brazil: Because Brazil is a “cashless” society, cybercriminals in Brazil are very active and make up 8.6% of malicious cybercrime. Their most infamous attack was on their own Rio Olympics. 
  • Russia: Russia is responsible for over 5% of cybercrime on the global stage. They are well known for their abilities to crack complex codes for their hacking activities. 

The reasons for coordinated attacks from foreign countries can range from monetary gain to playing a spy game on rival powers.  

Is My Small to Medium Sized Business Safe from Global Cybersecurity Threats? 

You may be thinking your business is safe from global threats. After all, you’re not storing any highly classified information about UFO’s or the Loch Ness Monster, so no one outside the US will pay any attention to you. Right? 

Your small to medium-sized business isn’t safe even though you think these players aren’t interested in you. The truth is, 43% of all cybercrime is targeted at small businesses…just like yours. 

Remember the reasons cybercriminals choose their targets: 

  • Access to customer or client databases 
  • Infrastructure 
  • Revenge (disgruntled employees or customers) 
  • Power 
  • Publicity 

In addition, your community activities and affiliations can make you a target, as can the industry you serve. You may not be directly responsible for tracking the Loch Ness Monster, but you build the equipment needed to track her or train the divers that use that equipment.  Maybe your CEO belongs to a Loch Ness Monster Fan Club and posts about his monster hunting duties. These can all place you at risk from “Loch Ness Monster Sympathizer” groups, no matter how small your business is. 

Grab your free, no obligation cybersecurity bundle and make sure you have what you need to stay safe and secure. The Cybersecurity Essentials Kit includes do-it-yourself checklists, a step-by-step guide to creating your own security plan, informative webinars, and more. All free. All yours.

Organized Crime: Profile of a Cybercriminal Group 

There are many organized cybercriminal groups that function in the same way as a corporation. These groups are larger and can have a CEO, project managers, financial officers, and dedicated malware programmers.  

Cyberorganizations May be As Organized as Your Own Company  

Many cybercriminal groups are run just like any other business. They take off on weekends, have a structured leadership platform, and work 9 to 5. This means that a cybercriminal organization could be working side by side with legitimate companies, working within a set schedule to make sure they do not do anything outside of normal working hours that may unnecessarily trip antivirus and security platforms. 

Not only do these cybercriminal organizations compete, they rely on each other for services and products, just like your business does. 

Cybercriminal Groups Specialize in Advanced Persistent Threats 

These cybercriminal groups are specialists in unleashing Advanced Persistent Threats, or APT. An APT is a hacking technique that involves infiltration with an extended period of surveillance. These organizations are in no hurry. They have the money and the resources to continuously siphon information from your data bases indefinitely. In 2015, China’s Deep Panda organization targeted the United States government with an APT and compromised millions of personnel records, including secret service staff. 

A large majority of organized cybercrime comes from countries seeking money, spying on other countries, and stealing intellectual property. 

Think you know cybersecurity? Test your security savvy with this quick, fun quiz.

Profile of a Cybercriminal: Keep Your Enemies Closer 

The profile of a cybercriminal could be easily found in your own company’s personnel records. Insider threats are on the rise, according to a 2018 Ponemon study.   

There are loosely three types of insider threat: 

  • Negligent employees: People who erroneously click links or otherwise introduce malware into the network, usually from a failure to follow rules or being unfamiliar with cybercrime. 
  • Infiltrators: Deliberate spying from within the company for profit or to steal intellectual property from competitors 
  • Malicious insiders: These may be employees who are fired, disgruntled, or feel wronged by the company they work for.  

While infiltrators may report back to a competitor, intentional insider threat cybercriminal activities are mostly committed by “lone wolf” actors, working alone and for their own gratification. 

Hactivist: A Cybercriminal with an Agenda 

Hacktivists are individuals who have personal reasons to infiltrate a network, usually to cause damage and destroy a company or government office. While they usually act in groups, they can also work alone. The reason behind these cyberattacks is to bring attention to their cause, issues, and enemies. 

A hacktivist may be part of a larger campaign, such as we have seen in Wikileaks and Anonymous. While their goals can vary widely, their agenda is typically politically motivated or fueled by human rights arguments.  

While hacktivists usually target large organizations, it’s important for small to medium sized businesses to note that their company activities and affiliations can make them targets as well. 

Lone Wolf Cybercriminals 

The profile of a cybercriminal includes lone wolf bad actors. These are the hackers who have a grudge, a point to make, or are seeking financial gain in some form or another. As already mentioned, financial gains can come directly from the information they receive from your network, or from selling this information on the dark web.  

Cybercriminals Wear Hats 

Cybercriminals are loosely classified according to “hats.” This is, of course, a metaphor rather than a physical hat. Some of the main “hats” are: 

  • Black Hat: These cybercriminals are the ones who actively hack into networks with the express purpose of personal gain in some fashion or another. Financial details, information to sell on the Dark Web, personal data on your databases are all targets for the Black Hats. 
  • White Hat: These are the undercover law enforcement of the IT world. They can legally hack into networks to find vulnerabilities in security. They aren’t trying to harm a business or gain information; they are trying to strengthen a company’s security by trying to breach its systems. They are also known as Ethical Hackers. 
  • Green Hat: Newer to hacking, these cybercriminals are testing their wings in the cybercriminal world. They don’t program the malware; they obtain pre-programmed software and unleash it on their victims. 
  • Red Hat: A Red Hat is a digital Lone Ranger, aggressively going after known hackers and destroying their networks. Like White Hats, Red Hats protect the cyber world…with attitude. 
  • Gray Hat: Some hackers don’t really want to do any targeted damage and don’t look for any real gain. They hack because they can, and they enjoy the fallout from their activities. 

Some of these classifications are helpful for businesses. An MSP, for instance, might hire a certified ethical hacker to help them find potential exploits in their clients’ networks.  

Other hackers may not be targeting your business exclusively; they may just be throwing malware at multiple businesses and seeing where it “sticks.”  If a security weakness is found they will exploit it, but they will not spend time looking for weaknesses that don’t exist. That doesn’t lessen the damages these “gray hats” can cause, however. 

Motivations of Lone Wolf Cybercriminals 

Cybercriminals have many reasons behind their crimes, and each one can wreak havoc on your reputation and finances. 

Internet Stalkers 

You may not consider internet stalkers to be a problem for your company, but they can be as pesky for businesses as they are for individuals. These individuals can target an individual in the company and “stalk” them for information which they can then use for bribery and blackmail. They may find intellectual property when they stalk an individual, such as a CEO, and use it for financial gains. 

It’s not just financial losses at stake with internet stalkers; internet stalkers can cause distress and fear to members of your workforce as well. 

Phishing Scammers 

These cybercriminals use one specific mode of attack: phishing attempts. Phishing scammers wait for an unsuspecting employee to click an infected link or go to a phony “spoof” website. Once in, malware spreads throughout your network and collects sensitive data, incorporates a DDoS to block your customers’ access to your site, slow your productivity, launch ransomware, or destroys your systems. The reasons they do this can run the spectrum from disgruntled employee, revenge against the affected company, or financial gain. 

A cybercriminal can hack into your network completely undetected and poke around in personal files, looking for useful information. 

Matt Lee, Director of Cybersecurity and Technology at Iconic IT, teams up with Annie Ballew from Huntress Labs to show a “real-time” hacking in progress and how easily you and your employees can be tricked. 

State Sponsored Bad Actors 

Sometimes a hacker will act independently of a larger, organized cybergroup and act alone. While they still answer to the sponsoring state, they aren’t necessarily a part of any bigger cybercrime or cyberterrorism organization. These single-player attacks are usually against the same target group of their organized counterparts: governmental offices or large corporations. 


It’s an incredible concept to wrap your mind around: there are programmers dedicated to creating and selling malware. Cybercrime as a Service is an ever-growing platform that sells hacking software and services to cybercriminals. It’s amazing to think that downloading malware is as easy as purchasing a package and launching it into the unprotected network of your choice, but the dark web is full of programmers who do just that. For every CaaS provider that is taken down, others fill the spot. This problem is an on-going, evolving situation with no end in sight. 

Protect Yourself from Cybercriminals 

Small to medium-sized businesses are frequently targeted because they tend to be lax about their security solutions. They may choose “out of the box antivirus software” or incomplete security solutions. In many cases, small to medium-sized business security is not a priority for decision-makers. There isn’t enough money in the budget, there isn’t enough time to implement a comprehensive strategy, or they simply don’t think they are at risk. 

The fact that many smaller business ventures may not have an entirely secure network, may have outdated equipment, don’t secure their Wi-Fi, or don’t run scheduled security patches draws attention to your business as surely as a sign on the door reading “Try and Hack Me.”  

Consider your cybersecurity as a porch light or motion sensor you leave on at night. If your light is on, you significantly decrease the odds of a thief targeting your home.  A would-be burglar will bypass your house and move on to a house without lights on, barking dogs, and home security systems. 

Iconic IT is launching Iconic Fortify, a complete security solution that combines the cutting-edge antivirus software Sentinel One with a dedicated Security Operations Center that monitors your network in real-time. 

Iconic IT knows the profile of a cybercriminal and is ready to protect you from every type of hacker lurking in the shadows. Do you think your small to medium-sized business is secure? Contact Iconic IT for a free, no-obligation consultation and make sure your network is ready to stand up to today’s cybercrime. 

[sc name=”blog-cta-cybersecurity5″]

We're Integris. We're always working to empower people through technology.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...