
Updated: 16 August 2024

Contributor: Matthew Kosinski

What is hacking?

Hacking (also called cyber hacking) is the use of unconventional or illicit means to gain unauthorized access to a digital device, computer system or computer network. The classic example is a cybercriminal who exploits security vulnerabilities to break into a network and steal data. 

But hacking does not always have malicious purposes. A consumer who jiggers their personal smartphone to run custom programs is also, technically speaking, a hacker.

Malicious hackers have built an enormous cybercrime economy, where outlaws profit by starting cyberattacks, extorting victims or selling malware and stolen data to one another. The global cost of all cybercrime is expected to reach nearly USD 24 trillion by 2027.¹

Malicious hacks can have devastating consequences. Individuals face identity theft, monetary theft and more. Organizations can suffer system downtime, data leaks and other harms that lead to lost customers, lower revenue, damaged reputations and fines or other legal punishments. All told, according to the IBM® Cost of a Data Breach Report, the average data breach costs an organization USD 4.88 million.

On the other end of the hacking spectrum, the cybersecurity community depends on ethical hackers—hackers with helpful rather than criminal intentions—to test security measures, address security flaws and prevent cyberthreats. These ethical hackers make a living by helping companies shore up their security systems or by working with law enforcement to take down their malicious counterparts. 

What’s the difference between cyberattacks and hacking? 

A cyberattack is an intentional effort to harm a computer system or its users, while hacking is the act of gaining access to or control over a system through unsanctioned means. The key difference is that cyberattacks always damage their targets, but hacking can be good, bad or neutral.

Malicious actors can, and often do, use hacking techniques to start cyberattacks—for example, someone exploiting a system vulnerability to break into a network to plant ransomware.  

Alternatively, ethical hackers use hacking techniques to help organizations strengthen their defenses. This is essentially the opposite of a cyberattack.  

Another important distinction is that hacking isn't always illegal. If a hacker has permission from a system’s owner—or is the system’s owner—their activity is legal. 

In contrast, cyberattacks are nearly always illegal, as they do not have the target’s consent and actively aim to cause harm.

Types of hacking 

Hackers fall into 3 main categories based on their motives and tactics:

  • Malicious hackers who hack to cause harm

  • Ethical hackers who hack to protect companies from harm

  • Vigilante or “gray hat” hackers who blur the lines between “good” and “bad” hacking 

Malicious hackers  

Malicious hackers (sometimes called “black hat hackers”) are cybercriminals who hack for nefarious reasons, harming their victims for personal or financial gain. 

Some malicious hackers conduct cyberattacks directly, while others develop malicious code or exploits to sell to other hackers on the dark web. (See, for example, ransomware as a service arrangements.) They can work alone or as part of a ransomware gang, scam ring or other organized groups.

Money is the most common motivator for malicious hackers. They commonly “earn” their pay by:

  • Stealing sensitive or personal data—login credentials, credit card numbers, bank account numbers, social security numbers—that they can use to break into other systems, commit identity theft or sell.

    According to the IBM X-Force Threat Intelligence Index, data exfiltration is the most common impact of cyberattacks, occurring in 32% of attacks.

  • Extorting victims, such as using ransomware attacks or distributed denial of service (DDoS) attacks to hold data, devices or business operations hostage until the victim pays a ransom. Extortion, which occurs in 24% of incidents, is the second-most common attack impact according to the Threat Intelligence Index. 

  • Conducting corporate espionage for hire, stealing intellectual property or other confidential information from their client company’s competitors.

Malicious hackers sometimes have motivations aside from money. For example, a disgruntled employee might hack an employer’s system purely for spite over missing a promotion.

Ethical hackers  

Ethical hackers (sometimes called "white hat hackers") use their computer hacking skills to help companies find and fix security vulnerabilities so threat actors can't exploit them.

Ethical hacking is a legitimate profession. Ethical hackers work as security consultants or employees of the companies they're hacking. To build trust and prove their skills, ethical hackers earn certifications from bodies such as CompTIA and EC-Council. They follow a strict code of conduct. They always get permission before they hack, don't cause damage and keep their findings confidential. 

One of the most common ethical hacking services is penetration testing (or “pen testing”), in which hackers start mock cyberattacks against web applications, networks or other assets to find their weaknesses. They then work with the owners of the assets to remediate those weaknesses. 

Ethical hackers can also conduct vulnerability assessments, analyze malware to gather threat intelligence or participate in secure software development lifecycles. 

Gray hat hackers 

Gray hat or grey hat hackers don't fit neatly into the ethical or malicious camps. These vigilantes break into systems without permission, but they do so to help the organizations they hack—and maybe get something in return.

The name “gray hat” references the fact that these hackers operate in a moral gray area. They tell companies about the flaws that they find in their systems, and they might offer to fix these vulnerabilities in exchange for a fee or even a job. While they have good intentions, they can accidentally tip off malicious hackers about new attack vectors.  

Other types of hackers  

Some amateur programmers simply hack for fun or to learn or gain notoriety for breaching difficult targets. For example, the rise of generative AI has fueled a surge of hobbyist AI hackers who experiment with jailbreaking AI models to make them do new things.

"Hacktivists" are activists who hack systems to bring attention to social and political issues. The loose collective Anonymous is probably the most well-known hacktivist group, having staged attacks against high-profile targets such as the Russian government and the United Nations.

State-sponsored hackers have the official backing of a nation-state. They work with a government to spy on adversaries, disrupt critical infrastructure or spread misinformation, often in the name of national security.

Whether these hackers are ethical or malicious is in the eye of the beholder. Consider the Stuxnet attack on Iranian nuclear facilities, believed to be the work of the US and Israeli governments. Anyone who views Iran's nuclear program as a security threat might consider that attack ethical.

Hacking techniques and tools  

Ultimately, what a hacker does is gain access to a system in some way that the system’s designers did not intend them to. How they do this depends on their goals and the systems they're targeting. 

A hack can be as simple as sending out phishing emails to steal passwords from anyone who bites or as elaborate as an advanced persistent threat (APT) that lurks in a network for months.

Some of the most common hacking methods include:

  •  Specialized operating systems  
  •  Network scanners
  •  Malware
  •  Social engineering
  •  Credential theft and account abuse 
  •  AI-enabled hacks
  •  Other attacks

Specialized operating systems

While people can use standard Mac or Microsoft operating systems to hack, many hackers use customized operating systems (OSs) loaded with tailor-made hacking tools such as credential crackers and network scanners.

For example, Kali Linux, an open source Linux distribution designed for penetration testing, is popular among ethical hackers.  

Network scanners 

Hackers use various tools to learn about their targets and identify weaknesses they can exploit.

For example, packet sniffers analyze network traffic to determine where it's coming from, where it's going and what data it contains. Port scanners remotely test devices for open and available ports hackers can connect to. Vulnerability scanners search for known vulnerabilities, allowing hackers to quickly find entryways into a target. 

Malware

Malicious software, or malware, is a key weapon in malicious hackers' arsenals. According to the X-Force Threat Intelligence Index, 43% of cyberattacks involve malware. 

Some of the most common malware types include: 

  • Ransomware locks up a victim's devices or data and demands a ransom payment to unlock them.   

  • Botnets are networks of internet-connected, malware-infected devices under a hacker's control. Botnet malware often targets Internet of Things (IoT) devices because of their typically weak protections. Hackers use botnets to start distributed denial of service (DDoS) attacks. 

  • Trojan horses disguise themselves as useful programs or hide within legitimate software to trick users into installing them. Hackers use Trojans to secretly gain remote access to devices or download other malware without users knowing.   

  • Spyware secretly gathers sensitive information—such as passwords or bank account details—and transmits it back to the attacker.  

    Infostealing malware has become especially popular among cybercriminals as cybersecurity teams have learned to thwart other common malware strains. The Threat Intelligence Index found that infostealer activity increased by 266% in 2022–2023. 

Social engineering

Social engineering attacks trick people into sending money or data to hackers or granting them access to sensitive systems. Common social engineering tactics include:

  • Spear phishing attacks that target specific individuals, often by using details from their public social media pages to gain their trust. 

  • Baiting attacks, where hackers place malware-infected USB drives in public places. 

  • Scareware attacks, which use fear to coerce victims into doing what the hacker wants.

Credential theft and account abuse 

Hackers are always looking for the path of least resistance, and in many enterprise networks, that means stealing employee credentials. According to the IBM® X-Force® Threat Intelligence Index, valid account abuse is the most common cyberattack vector, accounting for 30% of all incidents.

Armed with employee passwords, hackers can masquerade as authorized users and waltz right past security controls. Hackers can obtain account credentials through various means. 

They can use spyware and infostealers to harvest passwords or trick users into sharing login information through social engineering. They can use credential-cracking tools to launch brute-force attacks—automatically testing potential passwords until one works—or even buy previously stolen credentials off the dark web.  
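The brute-force pattern described above is visible in authentication logs as a burst of failed logins from one source. The following is an added example, not part of the original article: a sliding-window detector run over constructed log lines. The log format, the five-minute window and the threshold of five failures are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, account, result.
# The format is hypothetical and not taken from any specific product.
SAMPLE_LOG = """\
2024-08-16T09:00:01 198.51.100.20 bob FAIL
2024-08-16T09:00:09 198.51.100.20 bob OK
2024-08-16T09:01:00 203.0.113.7 alice FAIL
2024-08-16T09:01:02 203.0.113.7 alice FAIL
2024-08-16T09:01:04 203.0.113.7 alice FAIL
2024-08-16T09:01:06 203.0.113.7 alice FAIL
2024-08-16T09:01:08 203.0.113.7 alice FAIL
2024-08-16T09:01:10 203.0.113.7 alice FAIL
2024-08-16T09:01:12 203.0.113.7 alice OK
2024-08-16T09:10:00 192.0.2.44 carol FAIL
2024-08-16T09:20:00 192.0.2.44 carol FAIL
2024-08-16T09:30:00 192.0.2.44 carol FAIL
2024-08-16T09:40:00 192.0.2.44 carol FAIL
2024-08-16T09:50:00 192.0.2.44 carol FAIL
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MAX_FAILURES = 5                # assumed failures per window before alerting


def parse(line):
    """Split one log line into (datetime, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return alerts as (kind, ip, user, timestamp) tuples, in log order."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # IPs that already crossed the threshold
    alerts = []
    for line in log_text.strip().splitlines():
        ts, ip, user, result = parse(line)
        recent = failures[ip]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= max_failures and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force_suspected", ip, user, ts.isoformat()))
        elif result == "OK" and ip in flagged:
            # Any later success from a flagged IP may mean a password was
            # guessed, so the account needs a reset and a session review.
            alerts.append(("success_after_brute_force", ip, user, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Counting per source IP also catches one source trying many accounts; slow guessing spread over hours, like the third source in the sample, stays under this threshold and needs a longer window or per-account counting.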

AI-enabled hacks 

Much like defenders now use artificial intelligence (AI) to fight cyberthreats, hackers are using AI to exploit their targets. This trend manifests in two ways: hackers using AI tools on their targets and hackers targeting vulnerabilities in AI apps.

Hackers can use generative AI to develop malicious code, spot vulnerabilities and craft exploits. In one study, researchers found that a widely available large language model (LLM) such as ChatGPT can exploit one-day vulnerabilities in 87% of cases.

Hackers can also use LLMs to write phishing emails in a fraction of the time—five minutes versus the 16 hours it would take to draft the same email manually, according to the X-Force Threat Intelligence Index.  

By automating significant portions of the hacking process, these AI tools can lower the barrier for entry into the hacking field, which has both positive and negative consequences.  

  • Positive: More benign hackers can help organizations strengthen their defenses and improve their products.

  • Negative: Malicious actors don’t need advanced technical skills to start sophisticated attacks—they simply need to know their way around an LLM.

As for the expanding AI attack surface, the increasing adoption of AI apps gives hackers more ways to harm enterprises and individuals. For example, data poisoning attacks can degrade AI model performance by sneaking low-quality or intentionally skewed data into their training sets. Prompt injections use malicious prompts to trick LLMs into divulging sensitive data, destroying important documents or worse.

Other attacks

  • Man-in-the-middle (MITM) attacks, also known as adversary-in-the-middle (AITM), involve hackers eavesdropping on sensitive communications between two parties, such as emails between users or connections between web browsers and web servers.

    For example, a DNS spoofing attack redirects users away from a legitimate webpage to one the hacker controls. The user thinks they are on the real site, and the hacker can secretly steal the information they share.

  • Injection attacks, such as cross-site scripting (XSS), use malicious scripts to manipulate legitimate apps and websites. For example, in an SQL injection attack, hackers make websites divulge sensitive data by entering SQL commands into public-facing user input fields.

  • Fileless attacks, also called “living off the land,” are a technique where hackers use assets they have already compromised to move laterally through a network or cause further damage. For example, if a hacker gains access to a machine’s command-line interface, they can run malicious scripts directly in the device’s memory without leaving much of a trace.

Notable hacks and hackers  

The 414s

In the early 1980s, a group of hackers known as the 414s breached targets, including the Los Alamos National Laboratory and Sloan-Kettering Cancer Center. While the 414s caused little real damage, their hacks motivated the US Congress to pass the Computer Fraud and Abuse Act, which officially made malicious hacking a crime.

The Morris worm

One of the first computer worms, the Morris worm was released onto the internet in 1988 as an experiment. It caused more damage than intended, forcing thousands of computers offline and racking up an estimated USD 10 million in costs related to downtime and remediation.

Robert Tappan Morris, the worm's programmer, was the first person to receive a felony conviction under the Computer Fraud and Abuse Act.

Colonial Pipeline

In 2021, hackers infected Colonial Pipeline's systems with ransomware, forcing the company to temporarily shut down the pipeline supplying 45% of the US East Coast's fuel. Hackers used an employee's password, found on the dark web, to access the network. The Colonial Pipeline Company paid a USD 5 million ransom to regain access to its data.

Change Healthcare

In 2024, the payment system company Change Healthcare suffered a massive data breach that disrupted billing systems throughout the US healthcare industry. The hackers obtained personal data, payment details, insurance records and other sensitive information for millions of people.

Because of the sheer number of transactions that Change Healthcare helps process, the breach is estimated to have affected as many as one-third of all Americans. The total costs associated with the breach might reach USD 1 billion.

Defending against hackers

Any organization that relies on computer systems for critical functions—which includes most businesses—is at risk of a hack. There is no way to stay off hackers' radars, but companies can make it harder for hackers to break in, reducing both the likelihood and costs of successful hacks.  

Common defenses against hackers include:

  • Strong passwords and authentication policies
  • Cybersecurity training
  • Patch management
  • Security AI and automation
  • Threat detection and response tools
  • Data security solutions
  • Ethical hacking

Strong passwords and authentication policies

According to the Cost of a Data Breach Report, stolen and compromised credentials are the most common attack vector for data breaches.

Strong passwords can make it harder for hackers to steal credentials. Strict authentication measures such as multifactor authentication (MFA) and privileged access management (PAM) systems make it so that hackers need more than a pilfered password to hijack a user’s account.

Cybersecurity training

Training employees on cybersecurity best practices, such as recognizing social engineering attacks, following company policies and installing appropriate security controls, can help organizations prevent more hacks. According to the Cost of a Data Breach Report, training can reduce the cost of a data breach by as much as USD 258,629.

Patch management

Hackers often look for easy targets, choosing to breach networks with well-known vulnerabilities. A formal patch management program can help companies stay updated on security patches from software providers, making it harder for hackers to get in.

Security AI and automation

The Cost of a Data Breach Report found that organizations that heavily invest in AI and automation for cybersecurity can reduce the cost of an average breach by USD 1.88 million. They also identify and contain breaches 100 days faster than organizations that don’t invest in AI and automation.

The report notes that AI and automation can be especially beneficial when deployed in threat prevention workflows such as attack surface management, red teaming and posture management.

Threat detection and response tools

Firewalls and intrusion prevention systems (IPSs) can help detect and block hackers from entering a network. Security information and event management (SIEM) software can help spot hacks in progress. Antivirus programs can find and delete malware, and endpoint detection and response (EDR) platforms can automate responses to even complex hacks. Remote employees can use virtual private networks (VPNs) to strengthen network security and shield traffic from eavesdroppers.

Data security solutions

Organizations with centralized control over data, regardless of where it resides, can identify and contain breaches faster than organizations without such control, according to the Cost of a Data Breach Report.

Tools such as data security posture management solutions, data loss prevention (DLP) solutions, encryption solutions and secure backups can help protect data in transit, at rest and in use.

Ethical hacking

Ethical hackers are one of the best defenses against malicious hackers. Ethical hackers can use vulnerability assessments, penetration tests, red teaming and other services to find and fix system vulnerabilities and information security issues before hackers and cyberthreats can exploit them.

Footnotes

1. 2023 was a big year for cybercrime—here’s how we can make our systems safer. World Economic Forum. 10 January 2024.