Back when the internet was younger, hacking was a precision art. Since there were fewer computer owners, hackers could “feel out” potential victims before hacking them. It was simply a case of hacking, staying undetected while stealing data, then selling it or making the victim ransom the stolen data.

But the precision art evolved into trawling. Doing reconnaissance on a potential victim is simply not worth the time or effort for most hackers. Hackers must now milk a successful catch for all it’s worth. Even after that, there is a market for scrap. The modern hacker is a businessperson.

Five Business Models Hackers Use

Hacking is big business. Cybercriminals made off with about $600 billion globally in 2018, according to the Center for Strategic and International Studies (CSIS). For comparison, that loot was nearly 30 times the budget of NASA in the same year. That figure will likely only increase—great for hackers; not great for the victims.

Hackers have bills too, like everyone else. Many employ their skills working as security consultants, vulnerability hunters, or even in jobs tangentially relevant to their skills. For a hacker who’s not employed by a state, company, or part of a group, money from hacking comes from five main sources.

1. Making Malware

Woman Wearing Black Hoodie Jacket Holding Grey Laptop Computer

Although it looks that way, the techniques for making malware are not shrouded in secrecy. Anyone—and you don’t need special coding skills—can make pesky malware by following instructions that abound on the web. Heck, even artificial intelligence aids in creating malware.

It’s all copy and paste, for the most part. But, of course, understanding the code syntax is a bonus, especially if you want to adjust virus definitions so your new malware escapes cursory scanning. For example, the instructions for making keyloggers abound online The example we reviewed in our research was just 14 lines of code written in C#.

Making advanced malware that’ll evade detection takes skill, time, and special tools. Not every hacker has these. So, a hacker with this trident sits high in the value chain of Malware-as-a-Service (MaaS). Usually, malware is pre-made and sold on the dark web. It’s fast, convenient, and less risky for the malware creator that way. But it’s possible to request custom-made malware at a premium. It is, after all, a business.

2. Deploying Malware

Big corporations often contract individuals or vendors offering niche services in their value chain. For example, Amazon has delivery partners who the company delivers packages to. In turn, delivery partners handle getting packages to their final destinations. Malware delivery works similarly. If you were a small-time hacker or someone who learned hacking to prank friends, deploying malware could be as simple as uploading the malicious file to a P2P file-sharing network or transferring the payload file via USB.

In the hacking business, there are hackers whose expertise is spreading malware. They know the lay of the digital landscape and the best routes, just like Amazon delivery partners know the communities they serve every day. Hackers with delivery expertise don't need to know how to create malware; they could buy some or partner with a creator and split the loot.

3. Recruiting Botnets for Rent or Sale

computer with a padlock

A botnet is an army of internet-enabled devices used for coordinated, large-scale cyberattacks. Hackers recruit botnets by infecting devices with malware and using that to link infected machines. Once recruited, hackers issue commands to a botnet via command and control nodes—communication channels that help hackers avoid backtraces.

Why botnets? Using a few computers to carry out an attack will expose a cyberattacker quickly. Of course, you will notice if your computer is running hot all the time from a heavy workload. And it could be easy for an entity with the resources to trace an attacker. Botnets help attackers load-shed. And because the bots are spread all over the world, attackers can avoid detection. Using layers of command and control nodes makes hiding even easier.

Botnets have been used for simple things, such as click frauds, follower and like frauds on social media, and spam email campaigns. Attackers have also used them for heavy stuff like Distributed Denial of Service (DDoS) attacks, illicit cryptomining, and large-scale phishing scams.

Recruiting botnets is no walk in the park. First, hackers must find vulnerabilities in computers, smartphones, and internet-of-things (IoT) devices they want to recruit. Then, they need to create malware that infects those devices specifically and stays undetected. Next, they could use the botnet or sell it.

Generally, botnets sell for an average of $20 per 1,000 if the hosts are globally-located. From here on, there’s a markup for botnets located in specific geographical locations. Hosts sourced from the EU cost an average of $60 per 1000. The going rate for American hosts is around $120 per 1000, as reported by ThreatPost. Of course, there’s a discount for buying wholesale. Meanwhile, the retail price for individual bots can go for as low as $0.02 and as high as $0.50 (as per Securelist) on the black market.

Is it worth it? For successful hackers, yes! Buying a botnet of 30,000 hosts will cost between $600 and $3,000. A DDoS attack with that botnet can return $26,000 per month, according to an MIT report. Successful bank frauds can return up to $20 million per month. Less operating expenses, the profit margin is not chicken change. But, of course, that’s if the hacker is successful.

4. Selling Stolen Data on the Black Market

Person Wearing Red Hoodie

Hacking to prank or show off is still in vogue, but why risk years in prison for nothing? Enterprising hackers set malware to scour infected devices for documents, make copies of those files, and encrypt the drive to lock the victim out.

If the infected device belongs to a company admin or employee with access to sensitive, priceless data, that’s a score. Hackers can take business secrets, intellectual property, and personal and financial details.

Stolen personal and financial data is in demand from other cybercriminals who use them for identity theft. For business secrets and intellectual property, corporate espionage and cyberterrorism provide a ready market.

5. Blackmailing Victims

If a hacker gets sensitive or compromising files from an infected machine, they can count on the victim’s desperation to extort them. Sometimes, the data stolen from a device isn’t worth much on the black market. In that case, attackers typically lock victims out of their devices. If the victim’s solo attempts to remove the malware fails, chances are they will pay for the decryption key.

What You Can Do to Prevent Exploitation

Security in a digital age

App, OS, and network vulnerabilities are how hackers can break into your computer to recruit an unwilling host or steal data. You can reduce the odds of a successful hack by updating your apps and operating system as soon as patches become available. In most cases, you can set your device and apps to install security updates automatically.

The same goes for closing network vulnerabilities. Consider using unique usernames and strong passwords for your Wi-Fi. This makes you less susceptible to wardriving attacks or Man-in-the-middle attacks. Also, you could use anti-malware like Microsoft Defender if you use a Windows PC.

Don't forget the importance of keeping backups of your sensitive files, perhaps using cloud storage, to give you some peace of mind against ransomware. Google, Microsoft, Amazon, and Apple all offer cloud storage services with beefy security. And if you don’t trust big tech with your files, there are secure cloud storage providers that use zero-knowledge encryption.

Hackers Have Everything to Gain

For the enterprising hacker, there are several options when it comes to making money. However, this requires finding, infecting, and exploiting a victim. Following cybersecurity best practices will help reduce your exposure to being a hacker’s cash cow.