These are the “Because We Can” and Hobby Hackers. They’re the amateurs of the cybercriminal world, but don’t let that fool you. The damage they cause is just as real — and because they’re not following a predictable playbook, they can be harder to anticipate than the professionals.

Guardian CEO Chuck Smith says these are just hackers who want to see if they can. “If your doors are open, they will. These aren’t APTs, but they can still break things,” Smith said. “These types of hackers are curious, bored, and testing their skills. They’re not always malicious, but the damage is real. Don’t let them test their skills on you.”

Instead of sophisticated techniques, these hackers rely on available tools, stolen credentials, simple scams, or known weaknesses. They’re opportunistic and looking for easier targets.

The “port scan”: They probe a computer, server, or network to see which communication ports are open and accepting connections. The hackers exploit vulnerabilities like software and operating systems that missed security updates and patches, or are no longer supported by the licensor. In addition, devices like laptops, desktops, servers, smartphones, and tablets that connect a company may not be secured properly.

Social engineering: Depending on their skills, these hackers may try tricking company employees into breaking their normal security procedures, thereby giving out information, granting access, or clicking links.

Purchasing and reusing passwords: The attackers first find real usernames and passwords from the Dark Web, made available through previous data breaches. This is known as “credential stuffing.”

What you need to do right now

Start here:

Take the threat seriously. You may think your company wouldn’t be on the radar of “Because We Can” or Hobby Hackers, but it’s the randomness and their lack of motive that can make them dangerous. You’re not looking for them, but they just happen to find you. Think about the Aspen Forest analogy (we talk about that a lot). Like the Aspen trees, we’re all connected. A hacker may find their way into one of your suppliers, customers, or vendors and keep pulling the thread until they get to you.

Make sure all patches and updates are current. As noted, attackers love to find software and operating systems that have missed security updates and patches, or are no longer vendor-supported.

Strictly enforce MFA (Multi-Factor Authentication). This requires your employees to verify their identity using two or more proofs, such as a password plus a code sent to their phone. With MFA, stolen passwords alone can’t grant access.

Monitor the Dark Web for stolen passwords. Continuously check whether employee usernames and passwords have been exposed or sold online, and automatically require password changes if any login information is compromised.

Employ behavioral analytics. This uses machine learning to spot unusual user or system activity patterns that could indicatea breach.

Analyze your cybersecurity budget. Most companies spend too much on reactive defenses which are necessary, but should not be counted on to work alone. They come into play once an attacker is already in your systems. You should also invest in proactive defenses, solutions that identify and stop threats before they breach your perimeter.