When a cybercriminal carries out any kind of scam or attack, their targeting method will differ. Sometimes, they focus on random individuals in large numbers to increase their chance of getting a hit. But cybercriminals don’t always go for this approach. Instead, they’ll opt for big game hunting. So, what is this, and does it put you at risk?
What Is Big Game Hunting?
Big game hunting is often used to refer to the hunting of rare, precious, or valuable animals, such as lions, tigers, and elephants. But this highly controversial act is also mirrored in the digital world.
In big game hunting, cybercriminals target individuals and companies that are known to harbor a lot of value. This value can be directly monetary, but can also come in the form of private data, such as payment details, social security numbers, and email addresses. Data is highly valuable on dark web marketplaces, where other malicious actors can buy your sensitive information and exploit it for financial gain.
Not all cybercriminals are looking for small wins here and there. Some want to hit hard and take a target for everything they’ve got. So, if they’re going for this approach, it’s better for them that the target is known to be worth a shot.
But big game hunting attacks are not all one and the same. Each attack of this nature can vary widely in its method and goals.
How Does Big Game Hunting Work?
While individuals can also be targeted in big game hunting, the key victims are often organizations that harbor vast amounts of data or money. Examples of such targets include governments, banks, healthcare providers, and social media companies. The end game is almost always financial benefit, but this can be achieved in a number of ways.
What’s important to first note is that big game hunting attacks are often very sophisticated. This is because the operators are usually going after big companies that know their way around basic forms of cyberattacks. The more sophisticated a tactic, the harder it is to shut down or mitigate.
Big game hunting often involves the use of ransomware. This is a very dangerous kind of malware that can encrypt all the files on a target device. In order to receive the decryption key, the victim must pay the ransom demanded by the attacker. Ransomware is commonly used in big game hunting because there’s a greater chance of receiving a higher ransom if the target is known to be wealthy.
But sometimes, the attackers don’t even supply the decryption key after payment. Needless to say, ransomware can lead to some dire situations.
Big game hunting attacks are usually carried out by criminal groups, rather than individuals. Ransomware gangs are now a significant threat to people around the world, as well as ransomware-as-a-service platforms.
When a criminal group finds a target, there are various criteria that they will look into before carrying out the attack. The organization’s financial holdings and digital security integrity are particularly important boxes to check here. If it is found that the target is in any way lacking in its cybersecurity measures, this could provide the perfect point of entry for the ransomware operators.
A lot of big companies have been targeted by ransomware operators, including Apple, Kronos, Acer, and the Colonial Pipeline Company.
Avoiding Big Game Hunting
Well-known companies can’t really avoid the act of big game hunting. If they’re known by cybercriminals to be a potentially valuable target, then it’s likely they will be targeted. But organizations still employ various cybersecurity measures to lower the chance of a given attacker being successful in their illicit venture.
Such measures include the installation of antivirus software, limited permissions to certain accounts, and staff training: it is crucial that company employees know what certain attacks look like and how to avoid them.
But regular folk don’t need to worry too much about big game hunting. While high-profile figures can be vulnerable to such attacks, everyday individuals likely will not be targeted.
Big Game Hunting Is a Risk to Larger Organizations
While individuals can certainly be targeted in big game hunting, larger organizations are the most at risk. The more prosperous a company, the more alluring it becomes to threat actors. We’ve seen big game hunting’s repercussions in the past, and we’ll likely continue to see its effects in the future.