A hacker can scan your details in 10 seconds

Hackers these days are making "a good deal of money" as cybercrimes are on the rise across the world, said an expert.

Michael Calce, a Canadian IT security consultant, said ransomware is second only to e-mails in launching phishing attacks on large companies, banks and financial institutions.

"Ransomware is very popular. But, a lot of dirty tricks are still working and social engineering is highly common, especially in financial management," Calce told Khaleej Times.

Calce is Canada's most notorious White Hat hacker, a cybersecurity expert and author of How I Cracked the Internet and Why It's Still Broken. He is also president of Optimal Secure, a Montreal-based cyber security firm specialising in penetration testing, and works with companies like HP to help raise awareness around cybersecurity.

"Social engineering is still one of the most targeted attacks by hackers, but it all depends on the purpose of the attack. The denial-of-service attack that I launched in 2000 is being used to cripple competitor companies in the financial sector," he said.

To a question about the cost of data breach, he said on average, it is estimated to cost $10 million, depending on the size of the organisation and how large the breach is.

"Cybercrimes as a whole cost about $600 billion right now and are close to hit the $1 trillion mark in the coming years," he said.

Elaborating the mindset of a hacker, he said whoever is connected to the Internet today with a device can be scanned in just 10 minutes. "One can be probed and scanned in just 10 minutes by a hacker," he said.

"A special device, similar to the commonly-used USB, can scan passwords and login details of any workstation within 10 seconds and it costs just £20 [Dh95]. You just need to plug in to the PC or workstation to scan the details and hack the system."

To a question, he said wealth management groups are heavily targeted by hackers. Banks have high levels of security and are difficult to target, but financial wealth management groups have huge money but lower levels of security procedures.

Asked about solutions to control cyberattacks, he said: "Organisations need to train people to stop using default login and passwords. They need to make sure all devices are properly monitored and secured."

Calce said the US, Canada, Russia and China, among others, as well as all major players in the space industry are targets of such attacks.

"The list changes every day. Sometimes, the Middle East comes on top. Remember how Saudi Aramco was recently targeted," he concluded.