Cybercrime refers to criminal activity in cyberspace. Computing devices and the internet are the tools of cybercrimes. Digital devices and networks can be a victim or weapons of cybercrime. Several techniques and devices can be used as weapons to disturb other devices’ functioning or harm those devices’ users by stealing their sensitive information. Such information may include passwords, credit card details, personal photos, and financial documents. With the emergence of IoT, the threat is shifting from information leakage to life threat. Cybercrime is different from traditional crime because it can be committed virtually or without physical contact with the target and remain anonymous. The motivation of cybercriminals may include money, corporate espionage, political espionage, revenge, or hacktivism. Hacktivists are those who execute campaigns of civil obedience against the govt. or having political agenda.
Based on a line of attack cybercrime can be categorized as an internal / insider attack, or the External attack.
Internal / Insider Attack
This type of attack is done on the organizational level by the disgruntled employee who may have some concern with the management or professional jealousy. The insider may be a former employee who might recently joined the organization’s rival or a contractor. In the case of a single device, it may be a trusted person, who has access to the targeted computer.
External Attack
In this type of attack, the attacker from outside the organization attempts to gain unauthorized access to the resources. To gain unauthorized access the attacker exploits the vulnerabilities found in the hardware, operating system, or applications. Social Engineering techniques are common to gain unauthorized access in case of absence or misconfiguration of security controls.
Common Examples of Cybercrimes
Hacking
Hacking referred to gaining unauthorized access to a computer system by exploiting the vulnerabilities or weaknesses found in the system with the intent of damaging its functionality. It is a larger picture of cybercrime because all malicious cybercrime falls into hacking. However, cybercriminals use different techniques to compromise the systems. A person or a group of persons having extreme technical skills and knowledge of developing, and using sophisticated tools to compromise the systems are called hackers.
Cyber Espionage
Cyber espionage is an act of stealing data, information, or intellectual property from digital systems. Cyber espionage can be done by using various malicious techniques including social engineering, Advance Persistent Threat (APT), Man-in-The-Middle attack, installation of malicious tools (backdoors, or key logger), and the list goes on.
Data Manipulation
Contrary to stealing the data, It’s an act of fraudulent activity in which someone alters or modifies the actual information with malicious intent. Data manipulation is a serious threat to the organization and personal information because it may propagate fake results and can defame an individual or the goodwill of an organization. It takes a lot of time to review and fix the data in the original form if the manipulation has been made in a large data set. In the data manipulation activity, the attacker may perform small changes which may remain unnoticed by the user and may be a victim of such attacks. A malicious actor can manipulate payment information. Account information. Manipulating a website link can also be harmful if it is manipulated to redirect the link to a phishing or malicious website.
Data Breach
In a data breach, sensitive, private, or protected information is made available to an unauthorized person. In a data breach, the data are read, copied, or shared without authorization. Data breaches are occurred due to the vulnerabilities found in the system or users’ behavior. Data breaches are taken place by cybercriminals using several techniques such as phishing, Brute-force, or installing malware on the target systems.
Cyber Extortion
Acts of cybercriminals in which they demand money from the victim by threatening to propagate or leak the victim’s or organization’s sensitive, personal, and financial information. This may affect the personal life or relation of the victim or organizational status. To demand extortion the cybercriminal can launch a Brute-force attack that enables to provide unauthorized access to sensitive information, launch ransomware applications or make the organizational resources to the legitimate user by launching a Denial of Service attack.
Malware Distribution
Cybercriminals may install malware on the victim’s computers. Malware is software that affects the functioning of the computer or gives full access to cyber criminals remotely. Malware is distributed through the internet, embedded in hardware, email attachment, through websites, or attached with so-called antivirus software cleaner. Ransomware, Spyware, and key loggers are examples of malware.
Cyber Bullying
Cyber Bullying is an act of harassment by means of using computing devices through email or mobile messages. In such acts, cyber criminals send harmful or abusive content to harass someone. It can be committed for financial gain or to embarrass the victim.
