Diary of a Hacker

Whilst you may be turning the pages of your diary filled with business appointments and meetings, a hacker is most likely doing the same thing but with a whole host of other important dates.

Whilst you may be turning the pages of your diary filled with business appointments and meetings, a hacker is most likely doing the same thing but with a whole host of other important dates.

Often, automated processes which scan networks to find vulnerabilities are used to find entry into a system and this is when a cyber-attack occurs. It doesn’t matter how big or small an organisation is, once entry is found it is exploited. This runs parallel to a burglar trying to find a house to steal from – it doesn’t matter whether it is a mansion or a council estate, as long as there is an unguarded, unlocked entrance to that house it will be targeted. However, some patterns have been found as to the prime times to hack systems belonging to a specific sector. There are several other factors for a hacker to consider too; is the aim to retrieve banking details or email addresses? In line with the hacker’s goals the criminal can determine exactly when and where to attack. Let’s take a look at some trends that have manifested throughout the year.

January to March

Quarter 1 has seen an increase in cyber-attacks aimed at insurance companies, healthcare organisations and government entities. Over the first several months of 2015, for example, hackers attacked insurance companies to gain access to the huge databases housing millions of National Insurance numbers.

This year, similar to many other years, has involved New Year’s resolutions revolving around keeping fit and staying healthy. As many apps are now readily available many can act as the bait a hacker needs to obtain inside information through a user’s smartphone or wearable technology. Some of the more popular sports wearables don’t just let you track your fitness; they let other people track you. In addition, companion apps for the wearables variously leaked login credentials, transmitted activity tracking information in a way that allowed interception or tampering, or allowed users to submit fake activity tracking information.

April to June

The second quarter involves the mad scramble towards the April tax deadline which is perfect for hackers to obtain banking information from their unaware victims. Last year saw the creations of phishing emails that attempt to convince a victim to click on a link promising early tax rebates or tax reductions. If a user does fall for the scam and clicks the link, they will be directed to a fake website where they will have to insert their personal details. The hackers now have exactly what they want to pull of tax fraud; your name and national insurance number. Last spring hackers were successful in stealing the details of 104,000 taxpayers.

July to September

Graduates are applying for their first jobs and are awaiting the opportunity to enter the working world.  For hackers, this means a fresh group of targets, as students are often inadequately prepared for the majority of cyber-challenges that will face in the ‘real world.’ Many students will not be familiar with spear phishing emails which are heavily targeted and tailored to a specific recipient or company. Usually, their social media profiles offer the information hackers need to perform these targeted attacks. For example, they may construct a highly convincing email that purports to be from someone within their company or it may be disguised to look like a message from your bank to set up payment options.

October to December

The final quarter, let’s call it the Christmas quarter, proves a busy time for hackers. With the increase of buying goods online, it’s the perfect time for cyber-criminals to gain access to, and exploit, the personal information of online shoppers.

Other methods to target the festive victim are electronic greeting cards that contain malware, online shopping advertisements from bogus retailers, phony shipping notifications and fake requests for charitable contributions.

 

Whatever time of the year it is, you should always remember that you are your organisation’s last line of defence and you should be on your guard at all times.