Cybercrime is actually an extremely broad concept, consisting of a variety of different related offenses. One way to classify cybercrime is by looking at the role that a computer (or a network or device) can play within a criminal act. Mainly, that target of a criminal and a tool or weapon used to commit the crime.
Since illegal activity often involves computers both as targets and weapons, the distinction is flawed, but it makes it possible to provide a relative structured overview of the types of cybercrime.
This type of cybercrime comprises illegal activities that target computers, networks and/or devices. The term hacking is often used here to refer to crimes of this nature. Criminals often use computers for a variety of intents:
Crime to compromise confidentiality—a criminal aims to access your computer systems and data without having authorization to do so. If the attacker succeeds, the system suffers a data breach. Security breaches often involve data theft. Criminals are looking for very specific pieces of data:
- Password Cracking—criminals can attempt to access a system by guessing login credentials (such as common usernames and passwords) and entering them manually. Password cracking is the most basic form of hacking, which doesn’t require any special skills.
- Bure Force Attacks—a brute force attack is an exhaustive attempt to penetrate a network through trying all different combinations of login credentials into a system until access is obtained. Brute force cracking can therefore be considered the automated version of password cracking.
- SQL Injections—criminals are taking advantage of vulnerabilities in your SQL databases. Essentially, they try to inject a bit of code, trying to get the database to extract information (names, Social Security Numbers, etc.) for the criminal to exploit further or sell.
Crimes that aim to compromise the integrity of your data
Criminals are actually trying to modify records on your network and devices.
Malware—criminals may indirectly violate the integrity of the data and systems.
Virus—a computer virus is malicious code that replicates itself within a computer system by injecting itself within legitimate software with its own malicious code, altering computer programs it infects.
Worm—worms are often confused with viruses, but unlike viruses, they are a standalone malware program. A worm replicates itself and aims to infect other computers by spreading copies of itself throughout a network or removable storage device.
Trojan Horse—similar to the Greek war stories, this software version of the Trojan horse is designed to maliciously penetrate a network undetected, appearing innocent to the recipient who then allows it access to an entire system or network.
File-less Malware—malicious code that executes in system memory (known as RAM) and does not interact with non-volatile storage, such as hard drives. In spite of its name, file-less malware does rely on one or several files in order to infect a targeted system.
Cryptomining Malware—this malware hijacks the computer’s resources of an infected system to mine cryptocurrency without the knowledge of people on the network. This crime is becoming more common and can kind of be thought of an analogy of stealing your neighbor’s internet or cable, but on a much bigger scale.
Botnet Malware—a botnet infects internet-connected devices with the aim of turning them into bots that can be controlled by the criminal, turning devices into zombies. Botnets can in turn be used to carry out crimes.
Browser Hijackers—browser hacking malware makes unauthorized changes to settings in your web browser on a targeted device. Often this redirects you from your intended website to a malicious one. This often leads to malware being installed on your computer.
Crimes that mainly compromise availability of data
Ransomware— ransomware is a type of malware that is used to pressure a user into paying a ransom note—a sum of money in exchange for the release of encrypted files on a computer or network.
Denial Of Service (DOS) Attacks—a criminal is making an online resource unavailable by crowding your network. Essentially, these attacks make it extremely difficult to tell who the good guys and bad guys are on your network, allowing for data theft or further attacks without you being really able to understand what exactly is going on and who is the cause.
As you can see, there are all sorts of tools and tricks criminals are cracking into networks and exploiting the data they find. Dynamic Edge’s security team is committed to detect, track and manage threats and security risks as they come in. If you have any questions or concerns or would like to attend one of our upcoming cybersecurity webinars, please let your BTM know!
