Cybercrime: History, Global Impact & Protective Measures [2022]
What is Cybercrime?
Cybercrime is any criminal activity involving a computer as the target or tool of the crime. The U.S. Department of Justice (DOJ) groups cybercrime into three main categories:
Hacker attacks — Utilize computers as a weapon.
Network penetration — Target a computer or other devices, attempting to gain unauthorized access to a network.
Computer-assisted crimes — Computers are not the main tool or target but play an instrumental part. For example, using a computer to store files downloaded illegally.
In most cases, obtaining financial gains motivates perpetrators to commit cybercrimes. Cybercriminals might also be driven by personal vendettas, a cause they believe in, the desire to improve their status in hacker circles, and a sense of notoriety.
The History of Cybercrime
While there is no fixed history of cybercrime, most experts point to certain events as the first-known hacks. Here is a brief review of cybercrime events throughout history:
The telegraph system
In 1834, two thieves infiltrated the French telegraph system, gained access to financial markets, and stole data. Many experts consider this event the first cybercrime, followed by other cybercrimes, each focusing on newly invented technologies.
The telephone system
The 19th and 20th centuries saw attacks focused on the telephone system. In 1876, Alexander Graham Bell patented the phone, which allowed transmitting speech using telegraphy. Two years after the commercialization of this invention, teenage boys broke into Bell’s telephone company and misdirected calls. In later years (1960s-1980s), phone hacking (phreaking) became popular.
Ethical hacking
In 1940, Rene Carmille, a French computer expert, hacked into the Nazi data registry. Carmille, a punch card computer expert, used his expertise to reprogram Nazi punch card machines to prevent them from registering information correctly. His work blocked the Nazis’ attempts to register and track Jewish people.
Phishing scams and malware
In the 1980s, emails became a popular communication form, and by the 1990s, web browsers and computer viruses rose in popularity. In these years, hackers started using email attachments to deliver malware and phishing scams and web browsers to spread computer viruses.
Social media scams
In the 2000s, social media networks gained worldwide popularity, and hackers started utilizing these platforms for data theft and other cybercrimes. In the following years, cybercriminals improved malware infections and data theft techniques. Today, these attacks are deployed in the thousands, constantly increasing with no signs of slowing down.
Hacking the Internet of Things (IoT)
IoT has provided cybercriminals with a wealth of hacking opportunities. IoT technology upgrades ordinary objects, like washing machines, refrigerators, light bulbs, and heating systems, with Internet capabilities. Since these devices are connected to the Internet, cybercriminals can hack into them and cause damage that extends to the physical world.
Cybercrime Statistics: The Cost of Cybercrimes
To understand the global status of cybercrime, let’s review a few statistics from the FBI’s 2021 Internet Crime Report, which details cybercrime complaints received by the FBI and the damage they caused:
Financial loss from cybercrime increased to $6.9 billion per annum, up from $4.2 the previous year.
Business email compromise scams, typically involving spear phishing, which are targeted social engineering attacks against executives or other privileged roles, resulted in losses of $2.3 billion.
Romance scams, which involve attackers gaining the trust and affection of a victim and tricking them into transferring funds, were responsible for losses of $953 million.
Cryptocurrency attacks, in which attackers take advantage of the growing use of cryptocurrency in the legitimate economy to steal funds, were responsible for losses of $1.6 million.
Technical support scams are still prevalent and accounted for losses of $347. Most of the losses were experienced by individuals older than 60.
Ransomware, while considered a severe cybersecurity threat, resulted in relatively smaller losses of $49 million. However, this could be skewed by the fact that many victims do not report attacks to the FBI, and might not take into account additional costs such as lost business, lost time, or the cost of corporate incident response.
Common Cybercrime Types and Examples
Cyberbullying
Cyberbullying is an umbrella term that refers to various types of online harassment, such as stalking and sexual harassment. It also includes doxing, which involves exposing personal information (a physical address, for example) online without the person’s consent, and fraping, which involves breaking into a person’s social media account and using the account to make fake posts.
Cyber Extortion
Cyber extortion is the digital version of extortion, an attempt to obtain something using force or threats. Here are two common types of cyber extortion:
Ransomware — Occurs when a cybercriminal infects a computer with malicious software (malware) that encrypts files. The ransomware displays a ransom note demanding money in exchange for a decryption key.
Blackmail — Occurs when a cybercriminal uses a victim’s personal information, photos, and videos to blackmail them, or uses Distributed Denial of Service (DDoS) attacks to threaten a business.
Cyber Espionage
Cyber espionage (cyber spying) occurs when unauthorized users attempt to access classified data, sensitive information, or intellectual property (IP) for competitive advantage, political reasons, or economic gain. State-sponsored groups of cybercriminals assist nations in stealing classified information or attacking nuclear plants with malware.
Cyberstalking
Cyberstalking is a form of online harassment that subjects a victim to numerous emails and online messages. Cyberstalkers use social media, search engines, and websites to intimidate their victim and instill fear. The cyberstalker often knows the victim and commits actions that make the victim feel afraid and sometimes concerned for their safety.
Identity Theft
Identity theft occurs when a cybercriminal gains unauthorized access to the victim’s personal information and uses it for various criminal activities. It typically starts with finding the victim’s passwords, sending phishing emails, or retrieving personal information from social media.
Cybercriminals use the stolen identity to access confidential information, participate in health insurance or tax fraud, or steal funds. They may also open a phone or Internet account under the victim’s name, use the stolen name for criminal activity, or use the stolen identity to claim government benefits.
Prohibited/Illegal Content
The sharing and distribution of inappropriate (highly distressing or offensive) content is a cybercrime. Here are common examples of this content:
Offensive content — Sexual activities between adults, videos displaying criminal activity, videos portraying intense violence, etc.
Illegal content — Materials that advocate acts of terrorism and child exploitation.
Prohibited and illegal content exists on the public Internet and in the anonymous network commonly referred to as the dark web.
The Effects of Cybercrime on Businesses and National Defense
Here are the main effects of cybercrime on businesses:
Potential share price drops — May occur when investors lose trust in the business after a security breach, leading to a reduction in the business’s value.
Capital challenges — In the aftermath of a breach, businesses may face increased borrowing costs and difficulty raising capital.
Regulatory penalties — If the breach resulted in the loss of sensitive customer data, the related regulatory authority may impose fines and penalties on the business due to this failure to protect customer data. In some cases, the business may face a lawsuit.
Reputation and brand damages — A cyber attack undermines customer trust in the business and its ability to protect customers’ personal and financial data. It results in a damaged brand image and reputation loss, which may lead to losing existing customers and the ability to draw in new customers.
Direct and indirect overhead — A cyber attack incurs various costs, such as increased insurance premium costs, cybersecurity incident response and remediation, public relations (PR), and other services needed to handle various impacts of the attack.
Cybercrimes can also have national security and public health implications, making cybercrime a top priority for governments. Here are several authorities of the U.S. government handling cybercrime:
The FBI has set up a Cyber Division agency within the DOJ responsible for combating cybercrime
The United States Department of Homeland Security handles the resilience and security of cyberspace as part of improving homeland security
The U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) agencies include special divisions created for combating cybercrime
The USSS’s Electronic Crimes Task Force (ECTF) is in charge of investigating cases involving electronic crimes, especially attacks on the nation’s critical and financial infrastructure
The USSS also manages the National Computer Forensics Institute (NCFI), which provides computer forensics training to local and state law enforcement, prosecutors, and judges
The Internet Crime Complaint Center (IC3) is a partnership between the FBI, the Bureau of Justice Assistance (BJA), and the National White Collar Crime Center (NW3C). IC3 accepts complaints from victims of Internet crimes or other interested parties
Cybercrime Prevention and Protection
Educate
Phishing attacks are becoming more sophisticated and believable while also increasing exponentially, making them difficult to spot. Remote work further aggravates this issue because workers cannot easily discuss suspicious emails or messages as they would in an office.
Organizations can remediate this issue by regularly reminding employees about phishing techniques to keep them alert. It requires proactive and routine training that informs employees about how criminals may try to gain unauthorized access to business systems.
Cyber Risk Management
Cybersecurity risk management is a routine process that identifies, analyzes, evaluates, and addresses the organization’s cybersecurity threats. It typically involves everyone within the organization rather than only the security team.
Unfortunately, siloed employees and business unit leaders often view risk management from individual business functions and do not have the holistic perspective needed to address risk consistently. Here are the main focus areas of key business functions:
IT — Prioritize innovation and new technologies, typically viewing compliance and security as roadblocks.
Security — Understand safety but are usually out of touch with evolving technologies and regulations.
Sales — Try to keep customers happy, looking for efficient ways to complete security audits.
Compliance — Attempt to keep everyone out of trouble by trying to enforce strict adherence to regulations, typically operating without a comprehensive understanding of security.
Organizations cannot effectively manage cybersecurity risk when business units are siloed. They must work together to achieve a unified, disciplined, consistent, and coordinated risk management solution.
Here are key risk management action components to consider:
Utilize robust policies and tools for assessing vendor risks
Identify emerging risks, like new regulations that impact the business, and internal weaknesses, like no two-factor authentication (2FA)
Mitigate IT risks using training programs, internal controls, and new policies
Test the organization’s overall security posture
Document vendor risk management and security efforts for regulatory examinations and prospective customers
Using the Cyber Defense Matrix
Sounil Yu created the Cyber Defense Matrix framework to help organizations navigate the cybersecurity landscape. The framework standardizes cybersecurity jargon to help align all stakeholders around one logical construct, ensuring everyone can quickly discern the products that can solve a particular problem and learn each product's core function.
Secure Mobile Devices
As employees conduct more business on tablets and smartphones, it becomes critical to ensure these endpoints are properly secured, whether they are personally owned devices or managed by the organization. Here are practices to consider:
Keep mobile devices up to date with the latest security patches
Deny access to unpatched devices trying to access company networks and applications
Create policies for physically securing devices connected to company data and ensure all employees understand and comply with them
Use zero trust security to enforce access policies and harden security
Control All Apps
Organizations must gain visibility into all applications used in the organization and prevent shadow IT as much as possible. Shadow IT occurs when employees use applications without informing IT, creating blind spots that increase the attack surface.
Shadow IT increased when organizations were forced to quickly shift to remote work without providing employees with a suite of approved tools they could use. As a result, employees started using collaboration tools to share information and perform their job.
While collaboration tools are essential to ensure employees remain productive, securing these platforms and creating and enforcing appropriate use policies that define internal and external collaboration is critical.
Organizations can mitigate this risk by inventorying all applications and removing, approving, and managing applications according to organizational and regulatory requirements. It involves using asset management to regularly check the security credentials of applications and removing those that do not meet security, data integrity, and privacy requirements.
Create, Implement, and Enforce Security Policies
Security policies provide defined and approved documents that regulate various areas of IT security in the organization, each providing unique benefits. Common security policies include password policies, email or communication policies, and remote access policies.
An access control policy is particularly important to combat cybercrime. It typically requires regularly reviewing what systems and information each user can access to prevent external intruders and insider threats from abusing or misusing privileges.
A policy of least privilege (POLP) enables organizations to limit employee access to ensure each user has access only to the tools and data needed for their role. This policy reduces the number of users accessing valuable data to minimize potential risks.
However, a policy is only effective when properly enforced. Putting policies into effect without enforcing them renders them useless documents. Organizations must enforce all security policies to ensure the business can get comprehensive protection.
Cybercrime Protection with BlueVoyant
BlueVoyant provides advanced cyber threat intelligence, managed security services, and proactive professional services to businesses of all sizes.