What is cybercrime?

Cybercrime is any criminal activity that involves a computer, networked device or a network.

While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes
are carried out against computers or devices directly to damage or disable them. Others use computers or
networks to spread malware, illegal information, images or other materials. Some cybercrimes do both -- i.e.,
target computers to infect them with a computer virus, which is then spread to other machines and,
sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven
criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as
attempts to steal financial account, credit card or other payment card information.

Cybercriminals may target an individual's private information or corporate data for theft and resale. As many
workers settle into remote work routines due to the pandemic, cybercrimes are expected to grow in
frequency in 2021, making it especially important to protect backup data.

What is cybercrime?
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked
device. Most cybercrime is committed by cybercriminals or hackers who want to make money. However,
occasionally cybercrime aims to damage computers or networks for reasons other than profit. These could be
political or personal.
Cybercrime can be carried out by individuals or organizations. Some cybercriminals are organized, use
advanced techniques and are highly technically skilled. Others are novice hackers.

What are the types of cybercrime?

Types of cybercrime include:

● Email and internet fraud.

● Identity fraud (where personal information is stolen and used).

● Theft of financial or card payment data.

● Theft and sale of corporate data.

● Cyberextortion (demanding money to prevent a threatened attack).

● Ransomware attacks (a type of cyberextortion).

● Cryptojacking (where hackers mine cryptocurrency using resources they do not own).

● Cyberespionage (where hackers access government or company data).

● Interfering with systems in a way that compromises a network.

● Infringing copyright.
● Illegal gambling.

● Selling illegal items online.

● Soliciting, producing, or possessing child pornography.

Cybercrime involves one or both of the following:

● Criminal activity targeting computers using viruses and other types of malware.

● Criminal activity using computers to commit other crimes.

Cybercriminals that target computers may infect them with malware to damage devices or stop them
working. They may also use malware to delete or steal data. Or cybercriminals may stop users from using a
website or network or prevent a business providing a software service to its customers, which is called a
Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread
malware, illegal information or illegal images.
Cybercriminals are often doing both at once. They may target computers with viruses first and then use them
to spread malware to other machines or throughout a network. Some jurisdictions recognize a third category
of cybercrime which is where a computer is used as an accessory to crime. An example of this is using a
computer to store stolen data.

Examples of cybercrime
Here are some famous examples of different types of cybercrime attack used by cybercriminals:
Malware attacks
A malware attack is where a computer system or network is infected with a computer virus or other type of
malware. A computer compromised by malware could be used by cybercriminals for several purposes. These
include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to
data.
A famous example of a malware attack was the WannaCry ransomware attack, a global cybercrime committed
in May 2017. WannaCry is a type of ransomware, malware used to extort money by holding the victim’s data
or device to ransom. The ransomware targeted a vulnerability in computers running Microsoft Windows.
When the WannaCry ransomware attack hit, 230,000 computers were affected across 150 countries. Users
were locked out of their files and sent a message demanding that they pay a Bitcoin ransom to regain access.
Worldwide, the WannaCry cybercrime is estimated to have caused $4 billion in financial losses. To this day,
the attack stands out for its sheer size and impact.
Phishing
A phishing campaign is when spam emails, or other forms of communication, are sent with the intention of
tricking recipients into doing something that undermines their security. Phishing campaign messages may
contain infected attachments or links to malicious sites, or they may ask the receiver to respond with
confidential information.
A famous example of a phishing scam took place during the World Cup in 2018. According to our report, 2018
Fraud World Cup , the World Cup phishing scam involved emails that were sent to football fans. These spam
emails tried to entice fans with fake free trips to Moscow, where the World Cup was being hosted. People who
opened and clicked on the links contained in these emails had their personal data stolen.
Another type of phishing campaign is known as spear-phishing. These are targeted phishing campaigns which
try to trick specific individuals into jeopardizing the security of the organization they work for.
Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are typically
crafted to look like messages from a trusted source. For example, they are made to look like they have come
from the CEO or the IT manager. They may not contain any visual clues that they are fake.
Distributed DoS attacks
Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a
system or network. Sometimes connected IoT (Internet of Things) devices are used to launch DDoS attacks.
A DDoS attack overwhelms a system by using one of the standard communication protocols it uses to spam
the system with connection requests. Cybercriminals who are carrying out cyberextortion may use the threat
of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction tactic while another
type of cybercrime takes place.
A famous example of this type of attack is the 2017 DDoS attack on the UK National Lottery website. This
brought the lottery’s website and mobile app offline, preventing UK citizens from playing. The reason behind
the attack remains unknown, however, it is suspected that the attack was an attempt to blackmail the
National Lottery.

Cybercrimes Examples

Stolen credit card information

The most common cybercrime is when a person’s credit card information is stolen and used unlawfully to
acquire or purchase goods or services over the Internet. The stolen information is observed to be sold on the
dark web to make fraudulent purchases or withdrawals, or used to commit identity theft. The consequences
of stolen credit card information can result in severe financial losses, damaged credit ratings, and legal
issues.

Hacking into a Government Website

Another type of cybercrime is tampering with sensitive government data. Hacking into a government website
refers to unauthorized access to a government’s computer system or network. Considered a highly illegal and
unethical act that involves exploiting vulnerabilities in the system’s security to gain access to sensitive
information, and manipulate the system for malicious purposes. Such actions can lead to severe
consequences, such as fines, imprisonment, and damage to national security.

Classification of Cyber Crimes

Cybercrimes are broadly categorized into three fields:

Individual
The act of sharing illegal or harmful content over the internet by a lone individual is considered a cybercrime.
Examples include the distribution of pornography, human trafficking, and online stalking.

Property
For the property sector, cybercrime involves accessing personal bank or credit card information to perform
unauthorized transactions or phishing schemes and attempts to obtain personal information.
Government
Similarly, hacking into government computer systems or official websites, although not frequent, is still
regarded as a serious offense.
Take a look at our blog Cyber Security tutorial to learn briefly about cybersecurity

Types of Cyber Crime

There are diversified types of cybercrime recorded across the globe, and some of the noteworthy examples
are email fraud, social media fraud, banking fraud, ransomware attacks, cyber espionage, identity theft,
clickjacking, and spyware. Let’s explore how these crimes are carried out.

Malware
Malware is a broad term that comprised a wide range of cyberattacks such as Trojans, viruses, and worms.
Malware can simply be described as code written to steal data or destroy things on a computer.
How malware causes harm can assist us to classify the type of virus that we are dealing with. So, let us talk
about it!

Viruses
Viruses, like their biological namesakes, attach themselves to clean files and infect other clean files. Viruses
can spread uncontrollably, causing damage to the core functionality as well as deleting and corrupting files.
Viruses usually appear as executable files downloaded from the internet.

Trojan
This type of malware masquerades as legitimate software that can be hacked. It prefers to function invisibly
and creates security backdoors that allow other viruses to enter the system.

Worms
Worms use the network’s interface to infect a whole network of devices, either locally or via the internet.
Worms infect more machines with each successive infected machine.
Also, go through this blog on Types of cyber security!

Phishing
Phishing frequently poses as a request for information from a reputable third party. Phishing emails invite
users to click on a link and enter their personal information.
In recent years, phishing emails have become much more complex, making it impossible for some users to
distinguish between a real request for information and a fraudulent one. Phishing emails are sometimes
lumped in with spam, but they are far more dangerous than a simple advertisement.
There are five steps to phishing:

Preparation
The phisher must pick a business to target and figure out how to obtain the email addresses of that business’
customers.

Setup
Once the phisher has decided which entity to mimic and who the victims will be, the setup process can begin.
The phisher constructs and distributes communications and collects data.
Carry out the attack
This is a process that most people are familiar with. The phisher sends a fake message that appears to come
from a well-known source.

Man-in-the-middle Attack
A man-in-the-middle attack can obtain information from the end-user and the entity with which they are
communicating by impersonating the endpoints in the online information exchange.
Let us take a look at an example to learn more about this attack.
If the user is banking online, the man in the middle would communicate with the user by impersonating the
bank. The man in the middle would receive all information transferred between the user and the bank
including sensitive data related to bank accounts.
Preparing for job interviews? Have a look at our cybersecurity interview questions to excel in your hiring
journey!

Drive-by Download Attack

To become infected, we no longer need to click to accept a download or install a software update. Simply
opening a compromised webpage may now allow dangerous code to be installed on our device. We only need
to visit or drive by a website by clicking accept for any software, and malicious code will be downloaded in
the background on our device.
The unintentional download of a virus or malicious software onto a computer or mobile device is referred to
as a download from these pages.
Drive-by downloads typically take advantage of or exploit an out-of-date browser, app, or operating system
with security flaws.

Effects of Cybercrime
As per a report from Cybersecurity Ventures, the worldwide expenses incurred due to cybercrime are
predicted to touch $10.5 trillion by 2025. The report also highlights an estimated growth rate of 15%
annually for cybercrime over the next five years.
Financial loss is one of the obvious effects of cybercrimes, and it can be quite significant. But cyber crimes also
have several other disastrous consequences for businesses such as:

● Investor perception can become a huge problem after a security breach causes a drop in the value of
businesses.
● Businesses may also face increased costs for borrowing, and raising more capital can be challenging
as well after a security breach.
● Loss of sensitive customer data can result in penalties and fines for failing to protect customer data.
Businesses may be sued over data breaches.
● Due to a loss of reputation and damaged brand identity after a cyberattack, customers’ trust in a
business will decline. Businesses not only end up losing current customers but also find it difficult to
gain new customers.
● Direct costs may also be incurred such as the cost of hiring cybersecurity companies for remediation,
increased insurance premium costs, public relations (PR), and other services related to the attack.
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on
digital systems or networks with the intention of stealing sensitive company information or personal data,
and generating profit.

Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade
malicious goods and services, such as hacking tools and stolen data. Cybercriminal underground markets are
known to specialize in certain products or services.

Laws related to cybercrime continue to evolve across various countries worldwide. Law enforcement
agencies are also continually challenged when it comes to finding, arresting, charging, and proving
cybercrimes.

Cybercriminals, Hackers, and Threat Actors

Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals.
Cybercriminals hack and infiltrate computer systems with malicious intent, while hackers only seek to find
new and innovative ways to use a system, be it for good or bad.

Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent. Threat actors
are individuals who conduct targeted attacks, which actively pursue and compromise a target entity’s
infrastructure. Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad
masses of victims defined only by similar platform types, online behavior, or programs used. Secondly, they
differ in the way that they conduct their operations. Threat actors follow a six-step process, which includes
researching targets and moving laterally inside a network. Cybercriminals, on the other hand, are unlikely to
follow defined steps to get what they want from their victims.