Common Myths About Cybercriminals
People often assume that cybercriminals are lone individuals. In fact, cybercrime is a highly distributed, professional, commercial, big business.
Who are cybercriminals?
A cybercriminal is not a lone individual who commits cybercrime. Contrary to that notion, cybercriminals often work in organized groups. Some cybercriminal roles are: programmers, distributors, IT experts, hackers, fraudsters, system hosts, cashiers, money mules, tellers, and leaders.
Myth #1: Hackers or Cybercriminals Play a Short Game
One of the most common myths is that cybercriminals play a short game for quick wins. The fact is they don’t. Cybercriminals play a very long game. They put schemes together that play out over the course of many months. They count on people forgetting or not making associations between temporally distinct events.
Let us give you an example. You receive a PDF from an acquaintance. After double-clicking on the PDF nothing happens and up pops a note from Adobe with a notification that the file is corrupted. You think Adobe stopped you from opening something broken or perhaps that you dodged a bullet and that Adobe prevented you from opening something harmful. Maybe you write to the person who sent it and they never reply because they didn’t send you the PDF in the first place. Maybe you don’t even bother to write the sender because you figure somebody else has already alerted them about the problem. After all, if there is a problem, surely you will see some sort of sign. You don’t see any indication of a problem so the matter slips your mind. After a whopping 219 days—which is how long it takes the average cyberattack to get noticed—you get a message asking you to run a new piece of software. It never crosses your mind that this message has been sent to you as a result of that broken PDF you tried to open 7 months ago. The new software is not designed to hurt you but rather it’s mining cryptocurrency. It’s using your computer to do the cybercriminal's work and it’s sending information from your computer to the Internet. Simply put, it has taken 7 months but now someone else has control of your computer and you aren’t even aware of it.
Myth #2: Hackers Are Out to Harm You
Most folks think cybercriminals purposely want to harm you. This is false. The primary goal of most cybercriminals isn’t to kill your computer. Their goals vary, but killing your computer is almost never one of them. Common goals include trying to mine your online activity, use your computer to send information without your knowledge, or hold your information/files for a ransom (well, that last bit is harmful).
Myth #3: Cybersecurity is Simple
Most people think that cybersecurity is simple. People assume that once they have installed some anti-virus software they are protected from cyber risks. That is wrong. Cybersecurity is an ongoing fight. You can’t just install some software and forget about it. All cyber protection software needs to be regularly updated. Further, you need to monitor your networks and continually educate your team about new cyber risks.
Myth #4: People think that Cybercriminals are Just Average People
One of the most common myths is that cybercriminals are just disgruntled troublemaking kids with too much time on their hands. First and foremost, cybercriminals are computer scientists. These scientists employ incredibly powerful tools like artificial intelligence (AI). They use computer automation to set up and exploit vulnerabilities. They use really big computers to launch enormous attacks at a number of different related or unrelated facets. It’s big business. It is actually very big business. Using all of the tools at their disposal, they hunt for vulnerabilities, and once they find a vulnerability they will attack your system. Once they attack, they try to gather up and exploit as much as they can. These cyber bad guys know that the window to exploit is limited as the vulnerability will eventually be patched by companies like CITI.
Myth #5: One Person is Responsible
The person responsible for finding the vulnerability in your system is not the person who ends up exploiting it. Finding out who hacked into your computer is like finding out the majority stakeholder in the company that refined the gas in your car. In other words, it's impossible to trace it back with certainty.
Cybercrime is a highly distributed, professional, commercial, big business. At the other end is you, oblivious to the fact that the cybercriminals' exploit is in place and holding up really well. They market it and sell it on the dark web. The people buying it may or may not do anything with it either. They may sit on it or sell it with other bundles of hacked computers.
Myth #6: My Online Activities Don’t Put Me at Risk
Most people think that if they avoid visiting certain websites (we're looking at you, porn websites) and are judicious about not clicking on dodgy links, they remain cybersafe and cyber secure. This is not true. The truth is that hackers can install malware on even the most legitimate websites, which can infect somebody who just visits the site, no clicks needed. Others assume that some sort of Internet police forces illegitimate or harmful websites off the web. This is also untrue. Bad websites (that appear legit) may be up for years before they are detected and forced to come down. People also believe that only opening emails or accepting friend requests from people you know will keep you safe. Wrong. Cybercriminals are excellent at appearing like somebody you know and trust.
Myth #7: A Strong Password Can Keep You Safe
This is sort of a myth and sort of not a myth. Yes, strong passwords can help keep you safe. However, if you use the same strong password for everything you will be at risk. Make sure that you use a strong and unique password for each of your accounts.
P.S. Don’t save your passwords on your computer in a file called “Passwords.” Also, wherever and whenever possible, use two-factor authentication for extra security.
At the end of the day, cybercrime is ubiquitous. We are all breached, we just don’t know it. Ignorance is bliss. And remember: never clicking isn’t going to save you, but it is the one single thing that will make you less vulnerable.
If you think that you have been the victim of cybercrime, get in touch with CITI right away. Better yet, get in touch with us before you become the victim of cybercrime so that we can protect you from it. Everyone is a target.