10/10/2023
Learn Some Details about What Cyber Crimes Are?
WHAT IS CYBER CRIME?
Cybercrime is any criminal activity that involves a computer, networked device or a network.
While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes do both -- i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.
A primary effect of cybercrime is financial.
Cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.
Cybercriminals may target an individual's private information or corporate data for theft and resale.
The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
1, Crimes in which the computing device is the target -- for example, to gain network access;
2, Crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service (DoS) attack; and
3, Crimes in which the computer is used as an accessory to a crime -- for example, using a computer to store illegally obtained data.
The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity and availability, and copyright infringements.
The necessity of internet connectivity has enabled an increase in the volume and pace of cybercrime activities because the criminal no longer needs to be physically present when committing a crime. The internet's speed, convenience, anonymity and lack of borders make computer-based variations of financial crimes -- such as ransomware, fraud and money laundering, as well as crimes such as stalking and bullying -- easier to carry out.
Cybercriminal activity may be carried out by individuals or groups with relatively little technical skill, Or by highly organized global criminal groups that may include skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cybercrime laws.
HOW CYBERCRIMES WORK
Cybercrime attacks can begin wherever there is digital data, opportunity and motive.
Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in nature. That is, cybercriminals typically rely on other actors to complete the crime. This is whether it's the creator of malware using the dark web to sell code, the distributor of illegal pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow or state threat actors relying on technology subcontractors to steal intellectual property (IP).
Cybercriminals use various attack vectors to carry out their cyberattacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest.
Cybercriminals often carry out their activities using malware and other types of software, but social engineering is often an important component for executing most types of cybercrime. Phishing emails are another important component to many types of cybercrime but especially so for targeted attacks, like business email compromise (BEC), in which the attacker attempts to impersonate, via email, a business owner in order to convince employees to pay out bogus invoices.
DIFFERENT TYPES OF CYBERCRIMES
There are many different types of cybercrime. Most cybercrimes are carried out with the expectation of financial gain by the attackers, though the ways cybercriminals aim to get paid can vary. Some specific types of cybercrimes include the following:
Cyberextortion:
A crime involving an attack or threat of an attack coupled with a demand for money to stop the attack. One form of cyberextortion is the ransomware attack. Here, the attacker gains access to an organization's systems and encrypts its documents and files -- anything of potential value -- making the data inaccessible until a ransom is paid. Usually, this is in some form of cryptocurrency, such as bitcoin.
Cryptojacking:
An attack that uses scripts to mine cryptocurrencies within browsers without the user's consent. Cryptojacking attacks may involve loading cryptocurrency mining software to the victim's system. However, many attacks depend on JavaScript code that does in-browser mining if the user's browser has a tab or window open on the malicious site. No malware needs to be installed as loading the affected page executes the in-browser mining code.
Identity theft:An attack that occurs when an individual accesses a computer to glean a user's personal information, which they then use to steal that person's identity or access their valuable accounts, such as banking and credit cards. Cybercriminals buy and sell identity information on darknet markets, offering financial accounts, as well as other types of accounts, like video streaming services, webmail, video and audio streaming, online auctions and more. Personal health information is another frequent target for identity thieves.
Credit card fraud:
An attack that occurs when hackers infiltrate retailers' systems to get the credit card and/or banking information of their customers. Stolen payment cards can be bought and sold in bulk on darknet markets, where hacking groups that have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.
Cyberespionage:
A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology. Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.
Software piracy:
An attack that involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with this type of cybercrime.
Exit scam:
The dark web, not surprisingly, has given rise to the digital version of an old crime known as the exit scam. In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.
Common examples of cybercrime
Some of the more commonly seen cybercrime attacks include distributed DoS (DDoS) attacks, which are often used to shut down systems and networks. This type of attack uses a network's own communications protocol against it by overwhelming its ability to respond to connection requests. DDoS attacks are sometimes carried out simply for malicious reasons or as part of a cyberextortion scheme, but they may also be used to distract the victim organization from some other attack or exploit carried out at the same time.
Infecting systems and networks with malware is an example of an attack used to damage the system or harm users. This can be done by damaging the system, software or data stored on the system. Ransomware attacks are similar, but the malware acts by encrypting or shutting down victim systems until a ransom is paid.
Phishing campaigns are used to infiltrate corporate networks. This can be by sending fraudulent emails to users in an organization, enticing them to download attachments or click on links that then spread viruses or malware to their systems and through their systems to their company's networks.
Credential attacks are when a cybercriminal aims to steal or guess user IDs and passwords for the victim's systems or personal accounts. They can be carried out through the use of brute-force attacks by installing keylogger software or by exploiting vulnerabilities in software or hardware that can expose the victim's credentials.
Cybercriminals may also attempt to hijack a website to change or delete content or to access or modify databases without authorization. For example, an attacker may use a Structured Query Language (SQL) injection exploit to insert malicious code into a website, which can then be used to exploit vulnerabilities in the website's database, enabling a hacker to access and tamper with records or gain unauthorized access to sensitive information and data, such as customer passwords, credit card numbers, personally identifiable information (PII), trade secrets and IP.
Other common examples of cybercrime include illegal gambling, the sale of illegal items -- like weapons, drugs or counterfeit goods -- and the solicitation, production, possession or distribution of child po*******hy.
Source: https://www.techtarget.com/searchsecurity/definition/cybercrimehttps://www.techtarget.com/searchsecurity/definition/cybercrime
Cybercrime is any activity involving a computer, network or networked device for criminal means. Learn about how to prevent cybercrime, examples and more.
