The Value of a Hacked Computer

In the early years of computer viruses, hackers would create malicious programs that would destroy data, corrupt boot records, and damage other critical components on a machine. The attacker's goal was to destroy the machine, but now attackers can make money on hacked computers, which changes their goals and malware activity. Instead of destroying data, attackers aim to steal it or use the machine in a distributed denial-of-service (DDoS) attack. Malware installed on your computer has value to the hacker, and this value can be turned into a business if done correctly. You must ensure that you have the right cybersecurity in place to defend against the many attacks on your computer.

Botnet Activity

The biggest value in a hacked computer is its ability to take commands from a hacker with access to the central control center. The machine will send a signal to the attacker's command and control center letting it know that the computer is compromised. This signal tells the hacker that another machine was added to their botnet, and it can be used in future DDoS attacks. Each individually hacked computer is called a zombie bot, and a group of zombie machines makes up a botnet. A botnet could have thousands of machines under the attacker's control.

When the attacker sends the signal to your hacked computer, the computer sends traffic to a designated target web server. This web server could be critical internet infrastructure or a small or large business. With enough traffic, the targeted server's resource usage spikes and can't handle the number of machines sending requests to the server simultaneously. The service crashes, and the attack continues until the targeted business can mitigate the issue.

Attackers offer DDoS attacks as a for-hire service used to crash competitor businesses. If you own an online business, your competitor can pay an attacker with a large botnet to crash your services. Providers such as Cloudflare offer DDoS mitigation, but many smaller business owners think they would never be the target of an attack. Larger businesses have distributed servers across numerous geolocations, so attackers need numerous machines under control of botnet malware to be effective.


Stolen Credentials

Some attackers install malware on your computer that runs as a background service. With malware running in the background of your computer, every username and password you type into a web browser gets logged and sent to the attacker. With this keylogger malware, the attacker can obtain bank account numbers, credit card numbers, login credentials, contact lists, and other sensitive information.

With your account compromised, an attacker will then attempt to take control of it. For example, if an attacker can authenticate into your bank account, the next step would be to send money to an attacker-controlled account. The attacker might even use your stolen information to create bank accounts under your name. A hacker has numerous options when they have all your sensitive data under their control.

A good endpoint protection product helps stop this attack, but malware authors continually change their malware to bypass antivirus and antimalware applications. Always keep your antimalware applications updated with the latest patches, and ensure that your application can detect and defend against the latest malware attacks. MSPs should always ensure that all computers and mobile devices have antimalware installed before they can successfully connect to the network.

Account theft is valuable to an attacker. The stolen accounts can be sold on darknet markets or used to create new accounts under your name. Identity theft is difficult to deal with online, so it's important that you keep antimalware applications updated so that attackers cannot steal your information. Once the information is out there, you will constantly battle identity theft issues.

Hijacking social media accounts is also common. Attackers will hack social media accounts and post covert messages, sometimes political ones meant to affect election results. If you don't monitor your social media accounts, an attacker can have conversations under your name without detection. High-profile accounts are especially valuable in this attack campaign.

 

Phishing Emails Using Your Contact List

Phishing spiked in 2020 during the pandemic lockdowns, and this attack continues to be a primary resource for attackers. Attackers use the pandemic to instill fear in recipients and bypass their normal suspicions when receiving an email asking for authentication credentials and other sensitive information. It's proven to be an effective way of stealing credentials and private information from targeted victims.

One common goal for an attacker is to compromise a computer and use your email contact list to send phishing emails to your friends and relatives. Since the email is from a legitimate sender and a trusted person, the recipient will often divulge sensitive information to the attacker. For example, the attacker might ask for credentials to a business network account. Since the email comes from a colleague, the recipient might respond with the credential information without asking questions or being suspicious.

Malicious attachments are also common in a phishing attack. Using your contact list, the attacker might send a Microsoft Word or Excel attachment with the email message. The attachment has malicious macros programmed to download malware that would give the attacker control of the recipient's machine. By hijacking additional computers, the attacker has a larger army of machines that can perform any number of malicious activities.

 

Cryptojacking and Mining Cryptocurrency

The popularity of cryptocurrency provides attackers with additional computer hijacking goals. Cryptojacking uses hijacked machines to mine cryptocurrency for the attacker. Mining cryptocurrency requires a lot of computer resources, so attackers program malware to mine during late hours when you are not using the computer. If your computer runs slowly while you use it, it could alert you to an issue. Cryptojacking malware that runs during late-night hours can avoid detection since the user is not working on the computer while it mines.

Attackers prefer targeting computers with extensive CPU and memory resources, so they target servers and high-powered machines. Your utility costs will go up when your computer is compromised and runs cryptojacking malware. Because cryptojacking is a newer form of malware, not all antimalware applications detect it. Make sure your antimalware application can detect malware that mines for cryptocurrency to protect your computer and your utility costs.
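An added example (not from the original article) of the resource-usage check this section points to: it flags sustained high CPU during off-hours while no user is active. The thresholds, the off-hours window, the sample format and the readings themselves are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to the machine's baseline.
CPU_THRESHOLD = 80.0              # percent
MIN_RUN = timedelta(minutes=30)   # shorter bursts (backups, updates) are ignored
OFF_HOURS = (23, 6)               # 23:00 to 06:00 local time

def is_off_hours(ts, window=OFF_HOURS):
    start, end = window
    if start > end:               # window wraps past midnight
        return ts.hour >= start or ts.hour < end
    return start <= ts.hour < end

def find_idle_cpu_runs(samples, threshold=CPU_THRESHOLD, min_run=MIN_RUN):
    """Return (start, end, avg_cpu) for each sustained high-CPU run that
    happened off-hours while no user was active.
    samples: time-sorted (timestamp, cpu_percent, user_active) tuples."""
    runs, current = [], []

    def close_run():
        if current and current[-1][0] - current[0][0] >= min_run:
            avg = sum(cpu for _, cpu in current) / len(current)
            runs.append((current[0][0], current[-1][0], round(avg, 1)))
        current.clear()

    for ts, cpu, user_active in samples:
        if cpu >= threshold and not user_active and is_off_hours(ts):
            current.append((ts, cpu))
        else:
            close_run()
    close_run()
    return runs

def build_constructed_samples():
    """Constructed data: one reading every 5 minutes, 20:00 to 08:00."""
    samples, start = [], datetime(2024, 1, 10, 20, 0)
    for i in range(145):
        ts = start + timedelta(minutes=5 * i)
        user_active = ts.hour in (20, 21, 7, 8)
        if user_active:
            cpu = 95.0 if (ts.hour == 21 and ts.minute < 15) else 35.0
        elif ts.hour == 23 and 30 <= ts.minute <= 40:
            cpu = 90.0            # short scheduled job, under MIN_RUN
        elif 1 <= ts.hour + ts.minute / 60 < 4.5:
            cpu = 97.0            # sustained load with nobody at the keyboard
        else:
            cpu = 3.0
        samples.append((ts, cpu, user_active))
    return samples
```

On the constructed readings, the evening spike while the user is active and the ten-minute job at 23:30 are both ignored; only the multi-hour overnight run is reported.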


Conclusion

A hacked computer has numerous valuable purposes for an attacker. The right endpoint protection application will stop many of these attacks, but you should always stay alert for phishing emails, unusually high levels of computer resource usage, and account security compromise. Your cybersecurity efforts should extend to any device on your network, including mobile devices and IoT (Internet of Things) devices. Always have antimalware running to protect against malicious programs, and follow cybersecurity best practices for phishing and protecting account credentials.

 
