Cyber crime is the flip side of cybersecurity — a huge spectrum of damaging and illegal activity carried out using computers and the Internet. This article will help you understand cyber crime and how to defend your organization against it.
In this article you will learn:
- What is cyber crime?
- Types and examples of cyber crime
- Primary attack vectors
- Protecting your business against cyber crime
What is Cyber Crime?
Cyber crime is broadly defined as any illegal activity that involves a computer, another digital device or a computer network. Cyber crime includes common cyber attack patterns like social engineering, software vulnerability exploits and network attacks. But it also includes criminal acts like hacktivist protests, harassment and extortion, money laundering, and more.
Cyber crime targets both individuals and companies. Typically, attackers target businesses for direct financial gain or to sabotage or disrupt operations. They target individuals as part of large-scale scams, or to compromise their devices and use them as a platform for nefarious activity.
Types of Cyber Crime
The US Department of Justice identifies three types of cyber crime in situations where:
- A computer is the target of the attack—for example, a data breach on a corporate network
- A computer is the weapon for an attack—for example, a denial of service (DoS) attack
- A computer is an accessory to a criminal act—for example, digital identity theft which leads to theft of funds from a bank account
Four Major Examples of Cyber Crime
In 2013-2016, Yahoo experienced a data breach which resulted in the theft of 3 billion user accounts. For some of these accounts, the attackers got hold of private information and passwords, which could be used to access user accounts in other online services. Much of this data is available today, either free or for a price, on the dark web.
In 2014, US retailer Home Depot’s point of sale systems were breached. Attackers stole 50 million personal credit cards, and for some time any credit card swiped at Home Depot stores was captured and its details compromised by the attackers.
In 2016, the largest ever distributed denial of service (DDoS) attack took place, which used over 1 million connected devices in the Internet of Things, which were compromised by the attackers due to software vulnerabilities. The attack caused outages in the global domain name system (DNS) and popular services including Twitter, Netflix and PayPal.
In 2017, the WannaCry attack, allegedly launched by North Korea, unleashed a type of ransomware which not only locks down content on user devices, but also rapidly spreads itself. WannaCry infected 300,000 computers around the world, and users were asked to pay hundreds of dollars to decrypt and restore their data.
Cyber Crime Attack Vectors
The following vectors are the primary methods cyber criminals use to conduct criminal activity:
- Botnets—a botnet is a network of computers that attackers infected with malware, compromised and connected them to a central command & control center. The attackers enlist more and more devices into their botnet, and use them to send spam emails, conduct DDoS attacks, click fraud, and cryptomining. Users are often unaware their computer is being used as a platform for cyber crime.
- Ransomware and other malware—Ransomware is malware that encrypts data on a local machine and demands a ransom to unlock it. There are hundreds of millions of other types of malware that can cause damage to end-user devices and result in data exfiltration.
- Phishing and other social engineering attacks—phishing involves sending misleading messages via email or other channels, that cause internet users to provide personal information, access malicious websites or download malicious payloads.
- Fraud and identity theft—fraud is the theft of funds by an attacker pretending to be the owner of an account, or using stolen cards or credentials. Identity theft is a related concept, and involves compromising a user’s online accounts to enable an attacker to perform actions in their name.
- Flood attacks—most modern flood attacks are DDoS attacks, which leverage a botnet to hit a website or organization with massive amounts of fake traffic. Flood attacks can be targeted at the network layer, choking an organization’s bandwidth and server resources, or at the application layer, bringing down a database or email server for example.
- Browser hijacking—attacks like cross site scripting (XSS) can cause malicious code to run in a user’s browser. This can result in session hijacking, drive-by downloads and other illicit activity carried out in the user’s browser without their consent.
A Business Response to Cyber Crime
As a business, your best bet against cyber crime is to prepare a solid incident response plan. Often planning is not enough — you should have the security staff and tools in place to execute it. An incident response plan, according to the SANS framework, includes:
- Preparation—codifying your security policy, identify types of critical security incidents, prepare a communication plan and document roles, responsibilities and processes for each one. Recruit members to your computer security incident response team (CSIRT) and train them.
- Identification—use security tools to accurately detect anomalous behavior in network traffic, endpoints, applications or user accounts, and rapidly collect evidence to decide what to do about the incident.
- Containment—isolate the affected systems, clean them and gradually bring them back online.
- Eradication—identify the root cause of the incident, and do everything to ensure the issue does not repeat itself. Fix broken security measures that let in the attackers, patch vulnerabilities, and ensure you clean malware from all endpoints.
- Recovery—bring production systems back up, taking care to prevent another similar attack. Test to ensure that systems are back up and working as usual.
- Lessons Learned—up to two weeks after the incident, review it with the team to understand what went well and what didn’t, and improve your incident response plan.
In today’s security environment, with an exponential increase in the number and complexity of threats, and a shortage of talented security staff, security automation is a key tool in the fight against cyber crime.
Exabeam’s Security Management Platform can help you perform the steps above to respond to cyber threats faster and more effectively. Specifically, Incident Responder helps standardize and accelerate response with playbooks to enable semi- or fully automated security workflows. This can help security teams both improve their productivity and reduce the time needed to address cybercrime incidents.