August 2, 2019

We read a lot of articles which mention an elusive person known as a “cybercriminal”.

Perhaps when you picture a cybercriminal you may imagine a teenager wearing a black hoodie? That is probably because the media have typically portrayed a cybercriminal in that way. Like any cliche, there is an element of truth in this. The Talk Talk data breach of 2015, for example, was carried out by teenagers; whether they wore a hoodie or not is unknown.  It’s a cliche that does more harm than good, though.

But what is the reality of the cybercriminal? What type of person(s) carries out these nefarious deeds? And, what do we know about them? Let’s take a look…

Types of Cybercriminal

The cliche of the hoodie wearing teenager

This has to be one of the most hated cliches in the entire industry, right?

As mentioned above, cliches often have some basis in truth. Cybercriminals can walk a fine line between “hacking for fun” and cybercrime. The WannaCry ransomware attack is a case in point. The alleged culprit was a young British man, Marcus Hutchins, who identified a vulnerability behind attack. Hutchins had also been behind other cybercrimes in the past.

Some young people who are interested in software code and computing have the skills to hack into networks and seem to find themselves just ‘having a go’.  Also, if a person is curious about the dark net they may find themselves exploring a world which leads them into the path of unsavoury company, alongside career cybercriminals. They could then be lured into the life of cybercrime.

But, let’s be frank here – it’s a terrible cliche.  It’s overused and probably warps public perception of cyber-crime away from the reality.  #NoMoreHoodieHackers

The Hactivist

Some would argue this type of cybercriminal is not an actual criminal, or at the very least follows a  reasonable code of ethics. Instead of crime for personal gain, they target companies, organisations, and governments they believe are unethical. Often they will use attack types like Distributed Denial of Service (DDoS) to stop websites and services running. Hacking groups like Anonymous are among this group.

The State Actor

An Individual or a group of cybercriminals may have state sponsorship for some or all of their campaigns.

Groups like the Russian sponsored ‘Fancy Bear‘ have been accused of attacks against U.S. political organisations. The Stuxnet cyber-attack on Iranian power facilities has been linked to the US and Israeli governments.

The Online Stalker

Stalkers are a serious nuisance at best, and at worst can be a danger to life. The UK’s National Stalking Advocacy Service has estimated around 5 million people experience stalking every year.

A U.S.survey from Harvard University, found that in at least 20% of stalking cases there was a cyber element – getting into emails or social media accounts to learn more about or manipulate their target.


The internet has opened up multiple opportunities for terrorism. These include ways to make money, launder money, and to carry out surveillance on their targets.

Money laundering is a big part of cybercrime and Europol has found that up to 5% of global GDP is laundered every year. Much of this will be online criminal networks, but some will be down to cyber-terrorist activities.

The Cybercrime Part-Timer

Cybercrime has become much easier in recent years as ‘rent-a-malware’ and ‘phishing kits’ are now available. These are made by cybercriminals with software development skills, then put up for rental or sale on the dark net for a very small cost. The part-time cybercriminal then needs far less technical know-how and can use these kits to carry out cyber-attacks such as phishing campaigns. The cybercriminal behind the rental package takes a cut of the proceeds with far less personal risk.

– Watch our hilarious security awareness training –

The Malicious Insider

Insider cybercrime, that is, cyber-attacks carried out by employees or other parties associated with a company, are common. According to a report from Computer Associates, 90% of companies feel that insiders pose a threat.

Insider crime can be very difficult to detect, especially if the insider has high level privileges to the network. Insiders can also be involved in collusion with outsiders. Crimes like theft of company secrets are often done in collusion; a competitive company offering financial rewards for information.

The Career Cybercriminal

This hard-core criminal makes their living by working full-time on cybercrime activities. They may focus on a specific area, such as developing malware that uses “command and control” tools; this allows them to make changes to malware, even once it’s installed as they have remote control. They often create sophisticated attack campaigns like ‘Business Email Compromise’ (BEC) which involves time-consuming surveillance of their targets.

Career cybercriminals make the world of cybercrime go round; they are behind some of the most persistent and lucrative types of attacks, like the BEC crime mentioned earlier, phishing campaigns and scams, and attacks on business networks.

There are many cybercriminal types and motives, and each exploits opportunities to make money or wreak havoc on our businesses and ourselves as individuals. Being aware of who they are and why they do what they do can help us to defend ourselves against cybercrime. Knowing what we are up against and the techniques used to attack us can give us the knowledge needed to fight back.

Serious and Organised Crime Gangs

Now, here’s thing – people often don’t truly appreciate that cybercrime is now common practice across the whole criminal sphere.  We’re in an age now, where Serious and Organised Crime Gangs – traditionally responsible for drug trafficking, complex frauds and human trafficking, see cybercrime as a low risk, high reward way to make their ill-gotten gains.

So, more than ever, “cybercriminals” aren’t even in any of the categories we’ve described above – but might recruit people from those categories to help with their criminal activities, or even seek to make use of the relatively freely available software to carry out their attacks – especially as those part-time cyber criminals create more and more advanced software, to assist non-technical criminals.

But, for all this talk of the bad guys, rest assured, there’s an army of good guys fighting the good fight.  And, we’re one of them – empowering your employees to be your strongest defence.  Why not sign up for a free demo and find out how our award-winning security awareness training can help your organisation stay safe.

Share this: