Last updated December 2023
What is cybercrime?
Cybercrime refers to criminal activities carried out by means of computers or the internet.
This broad category includes various malicious activities such as hacking, identity theft, creating and distributing viruses, scam campaigns, and executing financial theft or fraud. It often targets individuals, corporations, or even government networks, with varying levels of sophistication and impact.
The intent of cybercrime can be to steal money, personal information, intellectual property or to disrupt digital operations and services.
Due to its nature, cybercrime is a global issue, with perpetrators and victims often located in different countries, making regulation and prosecution challenging.
Let's dig in.
The size of cybercrime
The world’s consumers are going digital. So, unfortunately, are criminals.
One report estimates the global cost of cybercrime at $8.44 trillion in 2022, rising to $23.84 trillion by 2027.
How can we characterise these costs? Here are some:
- Damage and destruction of data
- Stolen money
- Ransom payments
- Lost productivity
- Theft of intellectual property
- Theft of personal and financial data
- Embezzlement
- Post-attack business disruption
- Investigation costs
- Restoration and deletion of hacked data and systems
- Reputational harm
But how did it all start?
The 1988 Morris worm attack
Back in 1988, when the Internet was just a collection of networked computers based mostly in universities, a student named Robert Tappan Morris had a question: exactly how many computers were connected?
He wrote a simple program to get the answer. It would travel across the network and simply ask each machine to send a signal back. Unfortunately, it worked too well. As the program copied itself and sent more messages, it clogged up the entire network. It disabled tens of thousands of systems – and cost hundreds of thousands of dollars to fix.
Without planning it, Morris had launched what is now called a distributed denial of service attack.
Some believe the 'Morris worm' to be the world's first cyberattack.
Regrettably, it was not the last. Today, cybercrime is everywhere.
We can define a cyberattack as "the process of attempting to steal data or gain unauthorized access to computers and networks. A cyberattack is often the first step an attacker takes in gaining unauthorized access to individual or business computers or networks before carrying out a data breach."
And the impact of cybercrime is growing every year.
This kind of crime can be extremely lucrative. Also, from the criminals’ point of view, it is quite low risk. It is obviously much safer to sit behind a laptop and plan attacks than it is to rob a bank or burgle a house.
Today, 35 years after the Morris worm, there is much more to cybercrime than the distributed denial of service.
Some types of cybercrime target end users directly and use various techniques (often social engineering) to trick the target into exposing sensitive information. Other types target organizations and use a range of technical methods to steal data.
Let's explore the main types of cyberattack
Phishing
This might be the most familiar form of cyberattack. In a phishing attack, the fraudsters send messages (via email or text, etc) that seem to be from a legitimate source. The aim is to encourage the target to send back sensitive data, click on a fake link, download malware, etc. Phishing is extremely common and is evolving all the time. Attackers can choose their 'trusted source' depending on what is current: package deliveries, hospital results, COVID tests etc.
Spear-phishing
This is a more targeted form of phishing in which the target is a single individual. Here, the attacker does research in order to write convincing and personalised messages. For example, the message might come from a modified email that appears to be from a colleague. When the target is a senior member of a large organisation, this is called 'whale phishing'. In these attacks, the fraudster will trick the target into either giving up sensitive information, transferring money or paying a ransom. The latter often works because of embarrassment and/or fear of reputation damage.
Man-in-the-middle
The name speaks for itself. In a “man in the middle” attack, the attacker inserts him or herself between two parties trying to communicate. The two parties could, for example, be a consumer and a payment provider. They don't sense anything is wrong. But in the background, the attacker is reading or even modifying the instructions passed between the two.
Ransomware
Demanding a ransom from a cyber victim is a common technique. With ransomware, the methodology is quite specific. It involves the victim downloading a particular type of malware, which encrypts/disables the organisation's workstations. The attacker then charges a ransom in return for instructions on how to deactivate the malware.
Pharming
A pharming attack happens when a criminal hijacks the DNS (domain name system) server of a website. This means that when a user types in the URL, he or she is redirected to an imposter site that looks like the real thing. Once there, the user will enter their details, which the attacker intercepts.
Brute force attack
The ultimate aim of most cyberattacks is to acquire access to information. Attackers have developed many stealthy ways to do this. But sometimes, they don't need to be clever. They just use brute force. This is most common with passwords, where an attacker will use a program to try millions of different combinations. When they get it right, they are in.
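The following Python example is added here and is not part of the original article: it scans authentication log lines for bursts of failed logins from one source against one account, and notes when a successful login follows the burst. The log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log; the line format is an assumption.
SAMPLE_LOG = """\
2023-12-01T10:00:00 FAIL user=alice src=203.0.113.7
2023-12-01T10:00:02 FAIL user=alice src=203.0.113.7
2023-12-01T10:00:04 FAIL user=alice src=203.0.113.7
2023-12-01T10:00:05 FAIL user=bob src=198.51.100.4
2023-12-01T10:00:06 FAIL user=alice src=203.0.113.7
2023-12-01T10:00:08 FAIL user=alice src=203.0.113.7
2023-12-01T10:00:12 OK user=alice src=203.0.113.7
2023-12-01T10:00:30 OK user=bob src=198.51.100.4
corrupted line without fields
2023-12-01T10:05:00 FAIL user=carol src=192.0.2.9
2023-12-01T10:10:00 FAIL user=carol src=192.0.2.9
2023-12-01T10:15:00 FAIL user=carol src=192.0.2.9
2023-12-01T10:20:00 FAIL user=carol src=192.0.2.9
2023-12-01T10:25:00 FAIL user=carol src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map (src, user) -> alert for bursts of >= threshold failures in window."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2, 3, 4)
        key, q = (src, user), recent[(src, user)]
        while q and ts - q[0] > window:
            q.popleft()  # forget failures that fell out of the window
        if outcome == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(key, {"peak": 0, "login_after_burst": False})
                alert["peak"] = max(alert["peak"], len(q))
        else:
            # A success right after a burst suggests the guess was correct.
            if len(q) >= threshold:
                alerts[key]["login_after_burst"] = True
            q.clear()
    return alerts
```

On the sample data only the rapid burst against alice is flagged; bob's single mistyped password and carol's failures spaced five minutes apart stay below the threshold.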
Malware attack
Several of the attack methods described above can involve forms of malware. Malware is short for malicious software. It describes a type of computer program the user downloads without knowing. Once installed, it either changes how a computer functions, deletes data or spies on the user/network. Some malware programs can also replicate themselves across multiple workstations.
Types of malware include:
- Trojan horse – a malicious program hidden inside a legitimate one
- Spyware – hides on the device to monitor activity and steal sensitive information
- Adware – displays unwanted and sometimes malicious advertising
- Worm – a standalone program that replicates itself to infect other computers without requiring user action
- Virus – a piece of code that lies dormant until the infected host file or program is activated. It then replicates across the network
- XSS attacks – Cross-site scripting is a type of injection in which malicious scripts are injected into trusted websites
- SQL injection – This method injects malicious code that modifies database information
Mobile attacks: smishing, vishing and caller ID spoofing
Widespread smartphone use has led fraudsters to develop specifically mobile-related attacks. Vishing is done by voice. Here, the attacker uses a pre-recorded voice message to trick the target. Smishing uses a fake text (SMS) message from a trusted organisation. Meanwhile, caller ID spoofing fakes the name and number that appear on the phone screen to fool the recipient into believing the call is legitimate. The desired action is usually to direct the target to a website and to enter personal information.
SIM Swap
This form of mobile attack targets the 4-digit passcodes companies use to authenticate their customers. The attacker will steal a phone and convince the mobile carrier to send a new SIM card. Now, as the 'legitimate' owner of the handset, the attacker can request a new code for (for example) a banking app installed on the device.
Distributed denial-of-service (DDoS)
A DDoS attack floods a network with requests. The network then becomes overwhelmed and breaks down. A DDoS attack is a little different from most other types of attack because it does not enable the criminal to access sensitive data. Instead, the aim is either to create mischief, demand a ransom or make a disabled network more vulnerable to other types of attack.
Criminals often use bots to launch DDoS. Bots make it possible to control thousands of hijacked PCs (collectively called a botnet).