Know Your Enemy: The 6 Types of Cybercrime You’re Likely to Encounter This Year
A solid grasp of the threats you’re facing is a crucial first step in developing a comprehensive defense strategy. This article lists six of the more common types of cybercrime that you’ll probably come across this year, to help you protect your organization from cyber-attacks.
Identity theft is one of the most common forms of cybercrime. Cyber criminals use a variety of techniques, some more sophisticated than others, to steal personal information such as names, social security numbers, and/or credit card details. With an increasing amount of sensitive data being stored and processed by organizations around the world, the risk of data breaches is higher than ever before.
Criminals use the stolen personal information to open new financial accounts under the victim’s name, or to make transactions using their credit card details. Either way, victims of identity theft can be left with heavy financial damages. A recent study found that in the U.S., a whopping $16.8 billion was stolen through identity theft in 2017 alone.
Preventing identity theft requires action on two fronts. First, the organizations storing the data must protect their networks with multi-layered security controls. Second, individuals must keep their own information safe: securing their personal devices with appropriate security software, using strong passwords and two-factor authentication for online accounts, and sharing personal information only with verified, trusted parties.
Malware refers to malicious software designed to harm your computer system, such as viruses, Trojans, spyware and the like. Malware is often installed when a user downloads an infected file or opens an infected email attachment. The malware installer is hidden inside a file that looks harmless, so as not to alert the user to its presence. Once installed on the computer, it can perform a variety of actions – taking control of the computer, recording keystrokes, and sending personal data to the attacker. Aside from training users on how and when to download files, you can also install anti-malware software that detects and quarantines malware before it is installed on your system. Dedicated file sanitization tools are also available, leveraging technology such as content disarm and reconstruction (CDR) to strip downloaded files of suspicious elements that could be hiding malware.
While technically a subset of malware, this type of cybercrime has been making plenty of headlines lately and is therefore worth mentioning in its own right. In a ransomware attack, your computer system is encrypted and the hackers demand a ransom in return for a decryption key. When ransomware hits a large organization, it can bring entire systems to a halt, causing huge financial damage. In some cases there are even bigger ramifications – as with the infamous 2017 WannaCry attack, where actual lives were at stake when hospitals and other healthcare organizations were hit.
Often, organizations find themselves surrendering and paying the ransom in an attempt to get back up and running as soon as possible, even though there’s no guarantee that paying the ransom will indeed lead to decryption at all – sometimes the hackers will just demand more money. As a general rule, no matter how good your defenses, it’s always a good idea to have all important files backed up in the cloud or other external location – just in case.
DDoS (Distributed Denial of Service) attacks are targeted attacks used to bring down a website or other online service by overwhelming the server with traffic from multiple locations. Large networks of infected devices known as botnets are used to perform these attacks, sometimes also installing malware on the victim’s device at the same time. This allows the hackers to use a variety of unsavory techniques such as extortion or blackmail to get whatever they want from their victims. At the end of 2016, top websites including Amazon, Twitter and Tumblr were rendered unavailable by a DDoS attack that targeted their DNS provider, Dyn. It took a number of hours before the websites were back up and running, affecting users across the globe. In general, using more than one server, or using a cloud-based service, can help mitigate such attacks.
Phishing is when a cybercriminal masquerades as a trusted third party in an attempt to trick email recipients into divulging personal information or downloading “important” malware-laced files. Many of these emails are designed to look like they were sent from an official company, requesting the user to take action to correct some (fabricated) technical or financial issue, or to take advantage of a lucrative but phony offer. Other, more sophisticated phishing emails may be doctored to look like they were sent by a colleague or other business associate, in an attempt to convince the user that the email is from someone they can trust.
Phishing is a type of social engineering: the criminals exploit the user’s sense of trust to trick them, rather than finding a technical way to hack into their computer. Phishing emails often contain links to a phony website, where users are encouraged to enter personal information such as passwords or bank details. Fraudsters can then use this information for their own nefarious purposes, including related cybercrimes like identity theft. Phishing emails are also used to trick users into installing malware-infected files on their device.
The best way to combat phishing attempts is by training users to recognize – and avoid opening – suspicious emails. Look out for spelling mistakes and sloppy formatting in emails that are supposedly from banks or other companies, and check the sender field to confirm the message really comes from the claimed address. Banks, in particular, usually have several methods in place so email recipients can confirm that an email was really from them – such as including the customer’s full name, zip code, or another piece of identifying information that a cybercriminal wouldn’t usually have access to. If the email simply says “Dear Customer”, alarm bells should ring. In any event, it’s best to avoid accessing your bank account through a link in an email – instead, use a trusted bookmark or type in the URL manually.
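The checks just described (sender address, generic greeting, link destination, urgency wording) can be turned into a simple triage script for a mail team. This is an added example, not code from the article; the two messages are constructed samples, and the "registrable domain" helper is a deliberate simplification that assumes no public-suffix list.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample messages (not real mail) used to exercise the heuristics.
SUSPICIOUS = """From: Example Bank Support <alerts@mail-examp1e-bank.top>
To: customer@example.org
Subject: Urgent: verify your account

Dear Customer,
Your account has been limited. Please verify within 24 hours:
http://example-bank.verify-login.top/secure
"""

LEGIT = """From: Example Bank <alerts@example-bank.com>
To: jane@example.org
Subject: Your monthly statement is ready

Dear Jane Doe,
Your statement for ZIP 90210 is ready at https://www.example-bank.com/statements
"""

URL_RE = re.compile(r"https?://\S+")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "valued customer")
URGENCY_RE = re.compile(r"\b(urgent|within 24 hours|verify your account)\b", re.I)

def registered_domain(host):
    """Crude registrable domain: the last two labels (assumption: no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def phishing_indicators(raw, trusted_domain):
    """Return the list of heuristic flags raised for one message claiming to be from trusted_domain."""
    msg = message_from_string(raw)
    flags = []
    sender = msg.get("From", "")
    m = re.search(r"<([^>]+)>", sender)           # prefer the address inside <...>
    addr = (m.group(1) if m else sender).strip()
    if registered_domain(addr.split("@")[-1]) != trusted_domain:
        flags.append("sender-domain-mismatch")
    body = msg.get_payload()
    first_line = body.strip().splitlines()[0].lower().rstrip(",") if body.strip() else ""
    if first_line in GENERIC_GREETINGS:           # "Dear Customer" instead of a real name
        flags.append("generic-greeting")
    for url in URL_RE.findall(body):              # any link pointing away from the trusted domain
        if registered_domain(urlparse(url).hostname or "") != trusted_domain:
            flags.append("link-domain-mismatch")
            break
    if URGENCY_RE.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency-language")
    return flags
```

A message that raises several flags is a candidate for quarantine or user follow-up, not proof of phishing on its own.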
While most of the cybercrimes listed can be carried out through the web – and often are – there are some that are particular to the browsing experience. Drive-by-downloads, for instance, use browser vulnerabilities to download malware through active browser code. These attacks occur automatically, merely by browsing on an infected website, without any further action required on the user’s part.
Drive-by attacks can take many different forms. In one scenario, known as malvertising, criminals place malicious or malware-laden advertisements on a legitimate, ad-supported website. In many cases, the endpoint device can become infected even if users don’t click on the ad. Cryptojacking is another type of drive-by-download attack. As cryptocurrencies like Bitcoin become increasingly popular, enterprising miners have begun planting cryptojacking scripts on websites, allowing them to harness their victim’s computing power to mine cryptocurrency. Again, no installation is required.
As you can imagine, drive-by-downloads are one type of cybercrime that is particularly difficult to avoid, as no user action is needed in order for the attack to be successful. While users can try and stick to trusted websites, even trusted sites can become compromised, meaning that any browsing activity still presents a risk. Innovative solutions such as remote browser isolation (RBI) prevent drive-by-downloads and other browser-based threats by keeping all active code off of endpoint devices and outside of the organizational network. Instead, web content is rendered in an isolated virtual container hosted outside of the network, such as in the DMZ or cloud. To the user, the entire experience feels and behaves just like a regular browsing session, but in reality the web pages they’re visiting aren’t executed on the endpoint, so no malicious files can install themselves. When a browsing session is complete, the container is destroyed, along with all files, malicious or otherwise.
Now that you understand some of the most common types of cybercrime out there, you’ll be able to take preventative steps to reduce your risks and ensure your network is protected from all angles.