Hackers have a variety of tools. The most basic one used is the concept of phishing. Everybody here probably routinely gets a number of phishing emails. Now they're starting to do text-message phishing that says “click on this link”, and as soon as you click, that's it: your device has just been downloaded with an unwelcome visitor that resides there, often gathering information about your daily online activities without your knowing, until such time as that information is of value, for whatever purpose.
Phishing and the ability to infect devices with malware is very prevalent, and hackers are really key at wanting to do that to capture personal information as well as information such as your bank account number, your password, and so on, so that they can log in as you from another place and time and transfer all of your funds to some other destination.
Phishing is number one, but you might have heard a couple of weeks ago about quite a successful denial-of-service attack generated by the Internet of things in things as basic as your home thermostat. All of these devices that connect to the Internet come with often pre-set standard passwords. The user may not always know what the standard password is or even know how to change the standard password, but hackers will know how to do it, so they'll be able to penetrate your home networks and lurk until such time as they need to do what they'd like to do.
Unfortunately, given the complexity of technology in our homes and businesses.... At least in our businesses we have LAN administrators and technologists who are looking out for us, but at home we're all obliged to become at least basic technology defenders in some way.