New Age Cyber Crimes : 2016
New trends in cybercrime are emerging all the time, with
estimated costs to the global economy running to billions of dollars.
In the past, cybercrime was committed mainly by individuals
or small groups. Today, we are seeing highly complex cybercriminal networks
bring together individuals from across the globe in real time to commit crimes
on an unprecedented scale.
Criminal organizations turning increasingly to the Internet
to facilitate their activities and maximize their profit in the shortest time.
The crimes themselves are not necessarily new – such as theft, fraud, illegal
gambling, sale of fake medicines – but they are evolving in line with the
opportunities presented online and therefore becoming more widespread and
damaging.
Identity theft
Identity theft and fraud is one of the most common types of
cybercrime. The term Identity Theft is used, when a person purports to be some
other person, with a view to creating a fraud for financial gains. When this is
done online on the Internet, its is called Online Identity Theft. The most
common source to steal identity information of others, are data breaches
affecting government or federal websites. It can be data breaches of private
websites too, that contain important information such as – credit card
information, address, email ID’s, etc.
Ransomware
Ransomware enters your computer network and encrypts your files using
public-key encryption, and unlike other malware this encryption key remains on
the cyber criminals server. Attacked users are then asked to pay huge ransoms to
receive this private key via Bit Coins.
DDoS attacks
DDoS attacks are used to make an online service unavailable
and bring it down, by bombarding or overwhelming it with traffic from
multiple locations and sources. Large networks of infected computers, called
Botnets are developed by planting malware on the victim computers. The idea is
normally to draw attention to the DDOS attack, and allow the hacker to hack
into a system. Extortion and blackmail could be the other motivations.
Botnets
Botnets are networks of compromised computers,
controlled by remote attackers in order to perform such illicit tasks as
sending spam or attacking other computers. Computer Bots can also be used
act like malware and carry out malicious tasks. Then can be used to assemble a network
of computers and then compromise them.
Up to now, most botnets have been assembled by constantly
roaming the internet probing for PCs that are unprotected. When a vulnerable
machine is discovered, it is infected with malware that lies there undetected,
awaiting the command to start pinging the site that has been chosen for an
attack. For the more sophisticated cybercriminal, though, this way of doing
things is beginning to look obsolete. The PC market has peaked, so zombie
machines will become rarer and existing PCs tend to be better managed and
protected from intrusion than they used to be. We are getting to the point, in
other words, where PC-based botnets are soyesterday.
So where is the smart online criminal going to go next?
Obligingly, the tech industry has provided him with the capability to assemble
even bigger botnets with much less effort. The new magic ingredient is the IOT internet
of things – small, networked devices that are wide open to penetration. The
attacks will come from large numbers of enslaved devices – routers, cameras,
networked TVs and the like.
Spam and Phishing
Spamming and phishing are two very common forms of
cybercrimes. There is not much you can do to control them. Spam is basically
unwanted emails and messages. They use Spambots. Phishing is a
method where cyber criminals offer a bait so that you take it and give out the
information they want. The bait can be in form of a business proposal,
announcement of a lottery to which you never subscribed, and anything that
promises you money for nothing or a small favor. There are online loans
companies too, making claims that you can get insecure loans irrespective of
your location. Doing business with such claims, you are sure to suffer both
financially and mentally.
Phishing has its variants too –
notably among them are Tabnapping, Tabjacking, Vishing & Smishing. Such
spamming and phishing attempts are mostly emails sent by random people whom you
did not ever hear of. You should stay away from any such offers especially when
you feel that the offer is too good. Do
not get into any kind of agreements that promise something too good to be true.
In most cases, they are fake offers aiming to get your information and to get
your money directly or indirectly.
Social Engineering
Social engineering is a method where the cyber criminals
make a direct contact with you using emails or phones – mostly the latter. They
try to gain your confidence and once they succeed at it, they get the
information they need. This information can be about you, your money, your
company where you work or anything that can be of interest to the cyber
criminals.
It is easy to find out basic information about people from
the Internet. Using this information as the base, the cyber criminals try to
befriend you and once they succeed, they will disappear, leaving you prone to
different financial injuries directly and indirectly. They can sell the
information obtained by you or use it to secure things like loans in your name.
The latter case is of Identity theft. You should be very careful when dealing
with strangers – both on phone and on the Internet.
Malvertising
Malvertising is a method whereby users download malicious
code by simply clicking at some advertisement on any website that is infected.
In most cases, the websites are innocent. It is the cyber criminals who insert
malicious advertisements on the websites without the knowledge of the latter.
It is the work of advert companies to check out if an advertisement is
malicious but given the number of advertisements they have to deal with, the malverts easily
pass off as genuine ads.
In other cases, the cyber criminals show clean ads for a
period of time and then replace it with malverts so that the websites
and advertisements do not suspect. They display the malverts for a
while and remove it from the site after meeting their targets. All this is so
fast that the website does not even know they were used as a tool for
cybercrime. Malvertising is one of the fastest, increasing types of cybercrime.
PUPs
PUPs, commonly known as Potentially Unwanted Programs are
less harmful but more annoying malware. It installs unwanted software in your
system including search agents and toolbars. They include spyware, adware, as
well as dialers. Bitcoin miner was one of the most commonly noticed PUPs in
2013.
Drive-By-Downloads
Drive By Downloads too, come close to malvertising. You visit
a website and it triggers a download of malicious code to your computer. These
computers are then used to aggregate data and to manipulate other computers as
well.
The websites may or may not know that they have been
compromised. Mostly, the cyber criminals use vulnerable software such as Java
and Adobe Flash and Microsoft Silverlight to inject malicious codes as soon as
a browser visits the infected website. The user does not even know that there
is a download in progress.
Remote Administration Tools
Remote Administration Tools are used to carry out illegal
activities. It can be used to control the computer using shell commands, steal
files/data, send location of the computer to a remote controlling device and
more.
Exploit Kits
A vulnerability means some problem in the coding of a
software that enables cyber criminals to gain control of your computer. There
are ready to use tools (exploit kits) in the Internet market which people can
buy and use it against you. These exploit kits are upgraded just like normal
software. Only difference is these are illegal. They are available mostly in
hacking forums as well as on the Darknet.
Scams
Notable among Internet scams are (IRS Scams, Insurance
Scams, Matrimonial website scams, Techsupport Scams), scams which misuse
the Microsoft name and other general tech support scams. Scamsters
phone computer users randomly and offer to fix their computer for a fee. Every
single day, scores of innocent people are trapped by scam artists into Online
Tech Support Scams and forced to shell out hundreds of dollars for non-existent
computer problems.
People should note that employees involved in call centre scams are prosecutable under Section 66(C) & (D) of The IT Act,2000 as well sections of IPC involving Extortion and Cheating are also applied which are non-bailable offences, currently employees working in Mira Road IRS call centre Scam fraud are in jail without bail from last 15 days.
