Instances of cybercrime are climbing – costing organisations trillions of dollars annually. Worse still, the more society relies on technology and digital solutions, the larger the attack surface for cybercriminals to exploit. This means that it’s vital for organisations to maintain an awareness of the different types of cybercrime they’re susceptible to so they can implement the optimal cybersecurity infrastructure and policies to protect themselves.
With that in mind, we look at different examples of cybercrime and how to protect yourself from them.
What is a Cybercrime?
Cybercrime can be defined as an illegal activity that involves the use of a computer. Cybercrimes are usually categorised in two ways:
- Using computers to carry out a criminal act.
- Targeting computers or digital tools as the object of a criminal act.
Cybercrimes are particularly dangerous because they make it easier for criminals to cover their tracks than with crimes in the real world. Additionally, the more we integrate technology into our daily lives, the more opportunities there are for threat actors to carry out illegal activity.
Common Types of Cybercrimes
Let’s look at some of the most common examples of cybercrime.
A distributed denial of service (DDoS) attack makes an online resource, such as a website or network, unavailable by flooding it with HTTP requests, i.e. traffic, from multiple sources. As well as making the resource inaccessible for legitimate users, a DDOS attack significantly compromises a system’s performance and security. Subsequently, the cybercriminals behind the DDoS attack can use it to demand money in return for ceasing the attack or use it as a distraction while carrying out another cybercrime.
DDoS attacks are mostly executed via a large network of malware-infected devices known as a Botnet.
Identify theft is the act of stealing a user’s personal information and using it for impersonation, stealing money, accessing confidential data or perpetrating other types of fraud. It’s inherent in other types of cybercrime while also being the objective of other criminal activity. Commonly, cybercriminals steal identities to further their goal of breaching an organisation where their target happens to work.
Malware (or “malicious software”) comes in many forms and is designed to breach an organisation’s IT network and assist in cybercrime. This involves assuming control of their systems and network, stealing funds or confidential information, intentionally damaging data or infrastructure, and furthering the advancement of multi-step cyber crimes.
Types of malware include spyware, which records user activity without their knowledge, e.g., keystroke loggers; adware, which displays unwanted ads; and rootkits, which give cybercriminal control over a user’s internet-connected devices.
Ransomware is actually a type of malware, but as it’s one of the most common examples of cybercrime, it deserves separate consideration. Ransomware prevents victims from accessing their devices altogether or restricts access to files and other data by encrypting them. The cybercriminal will then demand a ransom (typically in Bitcoin) to relinquish control back to the user.
Perhaps the most common kind of online scam, phishing, involves cybercriminals sending potential victims emails featuring malicious links to fool them into revealing personal data. These emails impersonate highly recognisable brands and either offer deals or prizes that are “too good to be true” or threaten undesirable consequences if the person doesn’t immediately log on to resolve them.
If the user clicks through on the link, it’ll take them to an illegitimate website made to exactly resemble that of the company the criminals are impersonating. If they attempt to log in, their data could be stolen for malicious purposes, or malware could be installed on their device. These types of cybercrime tend to be the most effective, as 89% of organisations experienced at least one successful email breach a year.
Piracy is the unauthorised use or reproduction of works or intellectual property, e.g., software, music, movies, TV programs, industrial designs, patents, etc. It’s notable because although the reproduction and distribution of illegal content is carried out by cybercriminals, a wide variety of people use said content.
Pirated content is often distributed via download and streaming sites on which the owners display pop-up ads to generate ad revenue. Alternatively, cybercriminals can infect such sites with malware that infects the user’s device, opening the door for other types of cybercrime.
How to protect yourself from different types of Cybercrime
Install Up-to-date Security Software
This includes an antivirus solution for scanning for ransomware, spyware, and other malicious code and a firewall for analysing incoming traffic. It’s also wise to utilise advanced spam filters (ASFs) that perform deep scans on your emails, including their attachments, and highlight those that show signs of being malicious, guarding your inbox from most of social engineering types of cybercrime.
Apply Regularly Updates
Make your IT infrastructure as robust as possible by consistently installing the latest updates and patches. Developers periodically release fixes to deal with vulnerabilities in their software and platforms and increase security against evolving cybercrime and the emergence of new ones.
Use Browser Protection Tools
These not only prevent various types of malware from being downloaded but also block potentially malicious sites and warn users when trying to access unsecured sites.
Enforce Strong Password Hygiene
With the need to devise passwords for dozens of online services, users can succumb to “password fatigue” – using the same password repeatedly. Subsequently, if a cybercriminal gets their hands on one of their passwords, they could access multiple platforms, including those containing sensitive personal data.
To combat this, enforce password hygiene within your organisation. This includes ensuring that passwords used within your network have a particular number of characters and conform to a certain standard, i.e., that contain capital letters, numbers, and symbols.
Educate Your Employees
Although the measures outlined above will protect your organisation from various types of cybercrime, it’s an excellent idea to educate your staff on cybersecurity best practices. The main reason for this is that they can fall victim to cybercrime in their own time and on their own devices and, through revealing personal information, compromise your organisation’s security. Key measures to emphasise include:
- Select different, strong passwords for each app they use.
- Be especially wary of phishing emails with generous offers or that cause them to panic, as phishing relies on manipulating a person’s greed or fear.
- Think twice before downloading email attachments from an unknown sender or if the email is uncharacteristic of a known sender (especially if forwarded).
- Avoid illegal download and streaming sites.
- Make sure they are on a legitimate website before entering sensitive information. In particular, double-check the site’s domain, as cybercriminals commonly employ a tactic called typosquatting: where the URL has a small typo, e.g., paypa1.com, and its appearance matches that of the genuine site.
- Stick to secure websites, i.e., those with SSL certificates and “https” instead of “http”, and display a little padlock at the start of the web address.
- To share as little information about themselves online as possible.
- To keep an eye on the activity of their online services, i.e., email and social media, and proactively report any suspicious activity immediately.
If you want to know more about the types of cybercrime and what measures you can take today to protect yourself, get in touch with RiskXchange.