Cyber Attacks: The Attacker’s Motives

Cyber-attacks have continued to be one of the world’s most difficult challenges to solve. Solving it may not the problem but solving it without a corresponding negative reaction is the challenge.

The world can easily decide to take down the internet which is the bloodstream of cyber-based attacks, however, the world may not be willing to face the consequences that will fall on us as humans without an internet connection.

As the world continues to source for a permanent solution to cyber-based crimes that have been induced as a result of internet and network connectivity. It is just certain that the internet will continue to remain an infrastructure that is needed for us to remain connected with each other.

Talking about cyber attacks now, I have always had the mindset that everything happens for a reason, which means nothing just happens, including cyber-attacks. It does not just happen. It definitely must have passed through a rigorous process of planning and implementation. An attacker takes his/her time to plan a cyber attack.

Attacking a target especially when it involves hacking usually comes in different phases or stages, which range from reconnaissance to scanning, enumeration, vulnerability, and exploitation. Each of these stages requires planning and as we all know planning generally takes time.

However, we are not looking at the time it will take for a cyber attack to be planned and executed, instead, we want to look at the drive for a cyber attack.

When an attacker is apprehended, during interrogation, there is always this question “Why did you attack?” Answering this simple question usually aligns with one or more of the general motives for cyber-attacks.

One of the motives why cybercriminals will engage in cyber-based attacks is because of the fun they derive from carrying out these hacking activities. To this criminal, hacking is like a hobby that they love doing and they don’t care about the negative effect, the damages, or the consequences of the attack. I consider it the most dangerous motives behind a cyber attack because the criminals are not considerate at all in their activities. A fun induced hacker can go to any length to exploit a system not minding the time, money, or resources that they may require to attack because, for the attacker, he is catching fun.

Another motive behind cyber-based attacks is the fame that comes with being a hacker. For some criminals, all they need is to be famous. So they carry out hacking activities on some very important infrastructure or targets that will make the national headline in media houses just to give them popularity. For hackers with this kind of motive, they will continue to hack different systems and servers until their activities become known by the general public. Beyond being known this type of attacker wants to be respected. A hacker or cyberattack that is targeting being famous does not care if he is caught while carrying out a cyberattack.

Moving forward, money is the next on my list as motives for cyber-based attacks. Money will be a factor as long as it is legal tender. Most hackers or cybercriminals will carry out hacking activities for monetary gain. These activities can be a ransomware attack that requires the victim to pay a certain amount of money before they will be able to access their encrypted data or it can be a financial attack where an amount of money is being transferred out from the victim’s account. While fame and fun may be personal, money-induced cyber-attacks may be contractual which will involve a third party. The third-party can be the financier of the attack or an insider of the target’s environment. In some cases, the third party is doing it for the monetary benefit or taking vengeance on a target. This brings us to the next motive for a cyber attack. It is called vengeance. In this case, the cybercriminal is taking out revenge on a target because of what the target may have done to the attacker in the past that the attacker was not comfortable with.

Finally on the list of motives for a cyber attack is hacktivism. This is the motive that drives ideology, personal or social-political conviction such as activism. For cyber attackers driven by hacktivism, they are pursuing an ideological conviction that must be achieved. They generally attack to get the government’s attention on the clamoring of citizens. A typical example is Anonymous. Some have argued that cyber terrorism is part of an ideological pursuit because it is also aimed at getting the government to implement a certain policy that the promoters of the ideology may desire. Unfortunately, cyber terrorism attack does not focus on the government but on the people to get the government to act which is why it may not be considered as an act of hacktivism.

While all these motives may be admissible in the cybersecurity community, there are other secondary reasons cyber-attacks may be carried out. That said, corporate organizations and individuals should ensure that they don’t fuel the already motivated reason by giving the cyber attacker more reason to attack them. An attacker that is attacking for vengeance and he or she is paid by a third party to attack the same target will only mean that the attacker has multiple reasons to carry out an attack. So the more the motives, the more dangerous it is for the target. So prevention is highly recommended.