Understanding hackers and how they attack

Whatever the threat, it arrives at your computer in one of two ways: a human adversary or malware. Human attackers can use any of the hundreds of thousands of known computer exploits and attack methodologies to compromise a computer or device. People are supposed to run patching routines, and many devices and software programs try their best to automatically update themselves, yet many computers and devices are left vulnerable for long periods of time even after the patches are available, a fact that hackers love.

Unique malware programs number into the hundreds of millions, with tens of thousands of new ones created and released each day. The three main malware categories are viruses (self-replicating), worms (self-traveling), and Trojan horse programs (which require an end-user action to execute). Today’s malware, usually arriving via web page or email, is often a combination of multiple malware classes. Often the first malware program to exploit a system is just a “stub downloader” program, which gains initial access and then “phones home” to get more instructions and to download and install more sophisticated malware.

Often the stub program will download over a dozen different new malware variations, each designed to avoid antimalware detection and removal. Malware writers maintain their own malware multi-detection services, similar to Google’s legitimate VirusTotal, which are then linked to an automated updating service that modifies their malware to be undetectable by current antimalware engines. It’s this nearly instantaneous updating that causes so many “unique” malware programs to be created and distributed.

The malware writer or distributor may also be paid to infect people’s devices with completely different types of malware.
It’s a renter’s market out there, and if the malware controller can make more money renting the compromised devices than they can make alone, they will do it. Plus, it’s much less risk for the controller in the end.

Many hackers (and hacking groups) use malware to gain access across a company or a much broader array of target victims, and then individually select some of the already compromised targets to spend more effort on. Other times, as with most ransomware, the malware program is the whole ball of wax, able to compromise and extort money without any interaction from its malicious leader. Once released, all the hacker has to do is collect the ill-gotten gains. Malware is often created and then sold or rented to the people who distribute and use it.

Why do hackers hack?

The reasons why hackers commit crimes fall into these general categories:

- Financial motivations
- Nation-state sponsored/cyberwarfare
- Corporate espionage
- Hacktivists
- Resource theft
- Gamer issues

Financial theft and nation-state attacks are easily the largest portion of cybercrime. Decades ago, the lone, solitary youth hacker powered by junk food was an adequate representation of the average hacker. They were interested in showing themselves and others that they could hack something or create interesting malware. Rarely did they do real harm.

Today, most hackers belong to professional groups, which are motivated by taking something of value, and often causing significant harm.
The malware they use is designed to be as covert as possible and to take as much of something of value as possible before discovery.

How do hackers hack?

Regardless of their motivations, hackers or their malware usually break in and exploit a computer system the same way and use most of the same types of exploits and methodologies, including:

- Social engineering
- Unpatched software and hardware vulnerabilities
- Zero-day attacks
- Browser attacks
- Password attacks
- Eavesdropping
- Denial of service
- Physical attacks

This list does not include insider threats, unintended data leaks, misconfiguration, user errors, and myriad other threats not connected directly to intentional hacking. The most common ways devices are compromised are unpatched software and social engineering. These threats comprise the vast majority of the risk (over 95 percent) in most environments. Fix those issues and you get rid of a ton of risk.

Zero-day attacks, where a hacker or malware program exploits a vulnerability not known by the public, are always newsworthy when they occur because the vendor doesn’t yet have a patch for them. Only a handful of them are discovered each year. Usually, they exploit only one company, or a few companies, before they are found, analyzed, and patched. Far more zero days are probably being used, especially by nation-states, than we realize, but because they are used very sparingly by those types of hackers, we rarely discover them, and they can be used again and again when needed.

The vast majority of malicious exploits come through the internet and require that a user do something (click on a link, download and execute a file, or supply a log-on name and password) for the maliciousness to begin.
Browser security improvements have made “silent drive-by” attacks, where a threat executes without any user action when a user visits a web page or opens an email, less common.

Protection from hackers

A key to defeating hackers and malware, regardless of their motivation, is to close the root-cause exploit holes that allow them and their malware to be successful. Take a look at the root-cause exploits listed above, determine which ones are used the most against your organization, and then create or improve existing defenses to minimize them. If you can do that, you’ll build a solid security defense second to none.