The internet is gigantic. There's a wealth of users. So how do hackers find who to hack with so many people connected to the internet? Is it random bad luck? Do hackers specifically target certain people, or do they have a systematic way they find vulnerable devices?

Turns out, the answer is all of these. Nevertheless, it is possible to protect yourself from cyberattacks.

How Do Hackers Find Vulnerable Devices?

Man in Hoodie Sitting on a Chair

According to Cisco, over 5 billion people are connected to the internet worldwide, as of 2022. If that’s mind-blowing, consider that there will be over 29 billion connected devices by 2023, according to the latest estimates—that's more than triple the global population. This is understandable, considering that most people own at least one of four devices: a smartphone, a laptop, a tablet, or a smartwatch. These devices have unique IP addresses, akin to human fingerprints. And it is possible to use IP addresses to get a lot of information about a device using Internet of Things (IoT) search engines.

IoT Search Engines

Specialized IoT search engines like Rapid7 and MITRE track vulnerabilities known to specific devices. Using yet another IoT search engine like Shodan and ZoomEye, hackers can find devices connected to the internet, geolocation, port/operating system, services/host, and IP address. They can also check if those systems use default login passwords. Combining the data from these tools can help hackers find vulnerable devices on the internet and plan the most effective attack.

Spear Phishing

Hackers typically use spear phishing for targets in whom they’ve taken a deliberate interest. This process could take several days, weeks, or even months, depending on public (or privately-sourced) information about the target.

Spear phishing begins once they’ve learned enough about the target and obtained their private contact information. A hacker may then, for example, send an email containing a link or a file hosting malware. Clicking such a link or downloading such a file introduces malware that takes control of the victim’s device.

Man-in-the-Middle Attack

Photo of Bird Perched on Utility Pole

A Man-in-the-Middle (MITM) attack is where a hacker puts themselves between outgoing and incoming communications on a target’s network. A hacker may carry out this type of attack remotely or on-site. The latter usually happens when a hacker has a specific person in mind. Common MITM attacks include Wi-Fi spoofing and Bluetooth impersonation attacks.

Bluetooth Hacking

Bluetooth hacking techniques like Bluejacking, Bluesnarfing, and Bluebugging let hackers exploit vulnerabilities in Bluetooth-enabled devices to steal data. However, most hackers prefer to install malware because it is possible to stop Bluetooth hacking by turning off Bluetooth. Also, the victim may go out of range.

Bluetooth hacking is especially effective because of the abundance of compatible devices most people have in their homes, from wireless headphones to smartwatches, smartphones to laptops. And many leave Bluetooth turned on...

Session Hijacking

Session hijacking is when a hacker hijacks the victim’s active browsing session when they visit a site. This hijacking may happen in several ways, from tricking the victim into clicking malicious links to hackers using brute force.

What Can You Do to Prevent Hacking?

The internet is pretty much an open ledger for everyone with the right tools and motivation. However, it is possible to hide in the open, so to speak. Preventing a hack boils down to taking precautions that protect your privacy and security.

Encrypt Your Communications

Graphic Description of Encryption

Visiting a website, sending an email, streaming a video, or chatting on social media is essentially your computer sending requests or files over a network. An entity with access to the network would be able to see metadata that provides useful information on your online activities.

While some use metadata for marketing purposes, hackers can use it to plan and carry out their attacks. This makes encrypting your online communications important, and there are tools that can help.

  • Browsing with a VPN is like driving through a tunnel. In the computer world, VPNs mask your IP address and internet activities.
  • Modern browsers can alert you when you visit websites securely. Secure websites use HTTPS encryption to make sure everything you share is private.
  • Advanced browsers like Tor use onion routing to make your browsing even more private. Tor browsing isn't for everyone, but if you know what you're doing, it can be a useful tool in your arsenal.
  • Consider setting up advanced encryption for your computer. Windows, for example, lets users set up military-grade encryption.

Install Updates as They Become Available

There are chiefly two types of updates to consider: security updates and OS updates. Think of security updates as repairing broken posts in your fence. Without this update, your home would sooner be overrun by strays and wild animals. On the other hand, OS updates are like giving your entire fence, perhaps even the house, a complete makeover.

The best part is keeping your devices up-to-date doesn’t necessarily require active participation from you. You can set your device and apps to download and install updates automatically, as soon as they become available.

Limit the Information You Share Online

Person Holding Iphone Showing Social Networks Folder

The internet never forgets. Every post and multimedia content you’ve ever shared will be there for anyone to see. What’s more, the stuff you delete online is not truly gone. There will be a shadow, a digital footprint, that’ll be useful to someone with the know-how. For example, you can use the Wayback Machine to recover deleted posts online.

As such, consider scrutinizing information before you share it online. This includes your current location, personal information, employment details, and relationships. Why relationships? Because while it is possible to account for your personal cybersecurity, you cannot control or account for other people’s sense of privacy and cybersecurity.

Use an Antivirus and Keep it Updated

Your Windows computer comes with Microsoft Defender, which is just as good as a third-party antivirus, per the latest AV-TEST reports.

Macs also have their own built-in defender called XProtect, which is equally dependable. However, there is no absolute guarantee in cybersecurity, so should consider these antivirus apps for macOS.

Defending Your Cybersecurity

The rate of cyberattacks will most likely keep pace with the exceptional growth rate of devices connecting to the internet. However, it’s not all bad news. You can take steps to protect yourself from being a target. For starters, be mindful of the information you share online, and keep your devices and apps to date. And consider using advanced cybersecurity tools and measures based on your needs.