Many of you have relatives, acquaintances, and colleagues who, with incredible persistence, deny the fact that their computer could be of interest to intruders. An argument like “I do not use online banking and do not store commercially interesting information on my machine! I only read e-mail on it and sometimes sit on social networks. What’s the point of hackers hacking into me?“Is enough for them to ignore the protection of their devices.
And then they call you because the computer slows down / doesn’t work. Or they complain that someone borrowed money on their behalf. Or something else. Has this ever happened? I have – yes. I will try to influence the situation at least a little and show as simply as possible why cybercriminals need your “unnecessary” computers.
There are many ways to monetize a hacked average user’s PC. And the more different technologies you use in your everyday life, the more attractive and at the same time more accessible your computer or laptop for hacking. I want to show you a diagram that clearly shows the intruder’s interest in a typical home computer.
I want to emphasize that the abundance of covert exploitation techniques allow you to benefit from the simple fact of having computing power on the user’s computer. You can almost use a calculator!
Here’s what you can do:
As you can see (and this is not all the existing methods of exploitation), the interests of the attacker can be very diverse. Almost all aspects of online life can be commodified – if an aspect has value and can be resold, then rest assured that there is a service or product on the black market to monetize it.
Stealing license keys, creating a network of bots, hidden mining – hardly anyone would want intruders to profit from it. And these guys are very creative. And the lack of protection on the computer is a royal gift for them.
As an example of monetizing resources obtained from a user’s computer, one can cite the “point and click” tools that are offered on some “gray” forums. I am referring to the account verification tools that are used to determine the validity and status of the account of popular online stores and services, including Amazon, American Express, eBay, Facebook, iTunes, PayPal, Skype and others.
I hope that the scheme will be useful to a wide range of specialists, including information security. With its help, you can clearly demonstrate the danger of recklessness in protecting your computer. And this, perhaps, will force ordinary users to change their minds about the unnecessary protection of home (and even more so work) devices. This means we will have less headaches.
What else is interesting in the blog Cloud4Y
→ Frequent errors in Nginx settings, due to which the web server becomes vulnerable
→ Password as a Horcrux: Another way to protect your credentials
→ Tim Berners-Lee suggests storing personal data in pods
→ Prepare vApp template for VMware vCenter + ESXi test environment
→ Create AlwaysON Availability Group based on Failover Cluster
Subscribe to our Telegram-channel, so as not to miss the next article. We write no more than twice a week and only on business.