FortiGuard Labs 1H 2023 Global Threat Landscape Report provides valuable intelligence and early warning for potential threat activity
Download the Report
Hacking—Definition, Types, Security, and More
A commonly used hacking definition is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals.
But what is hacking in a cyber security context?
Hacking in cyber security refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and modifying computer software and hardware systems. But this narrow view does not cover the true technical nature of hacking. Hackers are increasingly growing in sophistication, using stealthy attack methods designed to go completely unnoticed by cybersecurity software and IT teams. They are also highly skilled in creatingattack vectorsthat trick users into opening malicious attachments or links and freely giving up their sensitive personal data.
As a result, modern-day hacking involves far more than just an angry kid in their bedroom. It is a multibillion-dollar industry with extremely sophisticated and successful techniques.
History of Hacking/Hackers
Hacking first appeared as a term in the 1970s but became more popular through the next decade. An article in a 1980 edition of Psychology Today ran the headline “The Hacker Papers” in an exploration of computer usage's addictive nature. Two years later, two movies, Tron and WarGames, were released, in which the lead characters set about hacking into computer systems, which introduced the concept of hacking to a wide audience and as a potential national security risk.
Sure enough, later that year, a group of teenagers cracked the computer systems of major organizations like Los Alamos National Laboratory, Security Pacific Bank, and Sloan-Kettering Cancer Center. A Newsweek article covering the event became the first to use the word “hacker” in the negative light it now holds.
This event also led Congress to pass several bills around computer crimes, but that did not stop the number of high-profile attacks on corporate and government systems. Of course, the concept of hacking has spiraled with the release of the public internet, which has led to far more opportunities and more lucrative rewards for hacking activity. This saw techniques evolve and increase in sophistication and gave birth to a wide range of types of hacking and hackers.
Types of Hacking/Hackers
There are typically four key drivers that lead to bad actors hacking websites or systems: (1) financial gain through the theft of credit card details or by defrauding financial services, (2) corporate espionage, (3) to gain notoriety or respect for their hacking talents, and (4) state-sponsored hacking that aims to steal business information and national intelligence. On top of that, there are politically motivated hackers—or hacktivists—who aim to raise public attention by leaking sensitive information, such as Anonymous, LulzSec, and WikiLeaks.
A few of the most common types of hackers that carry out these activities involve:
Black Hat Hackers
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.
These individuals’ actions can inflict serious damage on both computer users and the organizations they work for. They can steal sensitive personal information, compromise computer and financial systems, and alter or take down the functionality of websites and critical networks.
White Hat Hackers
White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers throughproactive hacking. They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them.
The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses.
Grey Hat Hackers
Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to violate standards and principles but without intending to do harm or gain financially. Their actions are typically carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the vulnerability.
Devices Most Vulnerable To Hacking
Smart devices, such as smartphones, are lucrative targets for hackers. Android devices, in particular, have a more open-source and inconsistent software development process than Apple devices, which puts them at risk of data theft or corruption. However, hackers are increasingly targeting the millions of devices connected to the Internet of Things (IoT).
Webcams built into computers are a common hacking target, mainly because hacking them is a simple process. Hackers typically gain access to a computer using a Remote Access Trojan (RAT) in rootkit malware, which allows them to not only spy on users but also read their messages, see their browsing activity, take screenshots, and hijack their webcam.
Hacking routers enables an attacker to gain access to data sent and received across them and networks that are accessed on them. Hackers can also hijack a router to carry out wider malicious acts such as distributed denial-of-service (DDoS) attacks, Domain Name System (DNS) spoofing, or cryptomining.
Email is one of the most common targets ofcyberattacks. It is used to spread malware and ransomware and as a tactic for phishing attacks, which enable attackers to target victims with malicious attachments or links.
Jailbreaking a phone means removing restrictions imposed on its operating system to enable the user to install applications or other software not available through its official app store. Aside from being a violation of the end-user’s license agreement with the phone developer, jailbreaking exposes many vulnerabilities. Hackers can target jailbroken phones, which allows them to steal any data on the device but also extend their attack to connected networks and systems.
Prevention from Getting Hacked
There are several key steps and best practices that organizations and users can follow to ensure they limit their chances of getting hacked.
Hackers are constantly on the lookout for vulnerabilities or holes in security that have not been seen or patched. Therefore, updating software and operating systems are both crucial to preventing users and organizations from getting hacked. They must enable automatic updates and ensure the latest software version is always installed on all of their devices and programs.
Use Unique Passwords for Different Accounts
Weak passwords or account credentials and poor password practices are the most common cause of data breaches and cyberattacks. It is vital to not only use strong passwords that are difficult for hackers to crack but also to never use the same password for different accounts. Using unique passwords is crucial to limiting hackers’ effectiveness.
Spoofed websites are another common vehicle for data theft, when hackers create a scam website that looks legitimate but will actually steal the credentials that users enter. It is important to look for the Hypertext Transfer Protocol Secure (HTTPS) prefix at the start of a web address. For example:https://www.fortinet.com.
Avoid Clicking on Ads or Strange Links
Advertisements like pop-up ads are also widely used by hackers. When clicked, they lead the user to inadvertently download malware or spyware onto their device. Links should be treated carefully, and strange links within email messages or on social media, in particular, should never be clicked. These can be used by hackers to install malware on a device or lead users to spoofed websites.
Change the Default Username and Password on Your Router and Smart Devices
Routers and smart devices come with default usernames and passwords. However, as providers ship millions of devices, there is a risk that the credentials are not unique, which heightens the chances of hackers breaking into them. It is best practice to set a unique username and password combination for these types of devices.
Protect Yourself Against Hacking
There are further steps that users and organizations can take to protect themselves against the threat of hacking.
Download from First-party Sources
Only download applications or software from trusted organizations and first-party sources. Downloading content from unknown sources means users do not fully know what they are accessing, and the software can be infected with malware, viruses, or Trojans.
Install Antivirus Software
Havingantivirus softwareinstalled on devices is crucial to spotting potential malicious files, activity, and bad actors. A trusted antivirus tool protects users and organizations from the latest malware, spyware, and viruses and uses advanced detection engines to block and prevent new and evolving threats.
Use a VPN
Using avirtual private network(VPN) allows users to browse the internet securely. It hides their location and prevents hackers from intercepting their data or browsing activity.
Do Not Login as an Admin by Default
"Admin" is one of the most commonly used usernames by IT departments, and hackers use this information to target organizations. Signing in with this name makes you a hacking target, so do not log in with it by default.
Use a Password Manager
Creating strong, unique passwords is a security best practice, but remembering them is difficult. Password managers are useful tools for helping people use strong, hard-to-crack passwords without having to worry about remembering them.
Use Two-factor Authentication
Two-factor authentication (2FA) removes people's reliance on passwords and provides more certainty that the person accessing an account is who they say they are. When a user logs in to their account, they are then prompted to provide another piece of identity evidence, such as their fingerprint or a code sent to their device.
Brush Up on Anti-phishing Techniques
Users must understand the techniques that hackers deploy to target them. This is especially the case withantiphishing and ransomware, which help users know the telltale signs of a phishing email or a ransomware attack or ransomware settlements.
Don't Let Hackers Drive You Out of Business
Learn more about today’s threat landscape andhow to protect your organization fromsophisticated attacks.
Watch the on-demand webinar
What is Ethical Hacking? How Legal is Ethical Hacking?
Ethical hacking refers to the actions carried out by white hat security hackers. It involves gaining access to computer systems and networks to test for potential vulnerabilities, and then fixing any identified weaknesses. Using these technical skills for ethical hacking purposes is legal, provided the individual has written permission from the system or network owner, protects the organization’s privacy, and reports all weaknesses they find to the organization and its vendors.
How Fortinet Can Help
Fortinet protects organizations from hacking with its suite of industry-leading cybersecurity solutions and threat intelligence. The Fortinetantivirus servicereduces the risk of malware causing a data breach, blocks the latest threats, and protects organizations fromzero-day attacks. The Fortinet antivirus solution plays a crucial role in securing enterprises' entireattack surfaceand IT environments, from on-premises and cloud-based systems to IoT and mobile devices.
What is hacking?
Hacking is the act of compromising digital devices and networks by gaining unauthorized access to an account or computer system.A key part of understanding hacking is understanding the intent behind it, which usually involves the hacker seeking access to digital infrastructure, application data, and stealing sensitive customer information that could damage companies if leaked online. When hacking is used to solicit money, it’s referred to as ransomware.
What are the seven types of hackers?
There are many different types of hackers, the most common of which are black, grey, and white hat hackers. Black hat hackers are the bad guys—the cyber criminals. The white hat or ethical hackers are the good guys, while grey hat hackers are somewhere in the middle.
Other common hacker types include blue hat hackers, which are amateur hackers who carry out malicious acts like revenge attacks, red hat hackers, who search for black hat hackers to prevent their attacks, and green hat hackers, who want to learn about and observe hacking techniques on hacking forums.
Other common hacker types are cyber terrorists, hacktivists, state- or nation-sponsored hackers, script kiddies, malicious insiders, and elite hackers.Some hacker groups are very well organized and continue to find new ways to identify weaknesses and organize security penetration of large and small organizations.
What is the biggest hack in history?
The biggest hack in history is thought to be the data breach against Yahoo! The 2013 attack compromised around 3 billion people, and the company revealed that every Yahoo! customer was affected by it.
Which country has the most hackers?
China is believed to be the country with the highest number of dangerous hackers. Most of the major cyberattacks that occurred around the world can be traced back to China.
JuicyPotato Hacking Tool Discovered on Compromised Web Servers
Mapping The Ransomware Landscape