3 Types of Cybercrime

Posted by Sam Bloedow on 10/12/18 8:32 AM

Cybersecurity_is_a_business_concern-1

If you’re a company executive afraid of cybercrime, it’s important to understand the bigger picture first. Cybercriminals infiltrate your system as a way to invade your privacy, compromise the trustworthiness of your data, or deny access to information. Once you understand that, it’s smart to familiarize yourself with the tactics these criminals use in order to infiltrate your system such as phishing, malware, ransomware, identity theft, and scams.

Here’s what you need to know to better understand cybercriminals and how to notice, prevent, or fix an attack.

Common Types of Cybercrime

 

1. Confidentiality – Invasion of Privacy

Your company doesn’t have to be in health care or financial services to hold data that should be considered private. Cybercriminals want to monetize your employee information, customer records, and contact lists; from email addresses to social security numbers.

Some of the information that is stolen can be monetized right away, but often it is sold to others who compile it with data from other sources to build a more sophisticated attack. Intellectual property in the form of designs, drawings, plans, trade secrets, and know-how is valuable to those who want to attack your competitive edge.

Privacy is an external and internal concern. Just as you need to protect information from outsiders, policies that guide internal access to information can also protect your company from harm.

2. Integrity – Compromises to the Trustworthiness of Your Data

We don’t hear as much about data manipulation crimes as we do with confidentiality but as hackers become better at gaining entry into systems, the risk of this type of cybercrime is increasing. The motivation of an integrity attack can be to compromise decision making, cause damage to the company reputation, or commit fraud that will result in monetary gain.

Examples include changing the destination for invoice payments or payroll deposits; hijacking communications systems such as email or social media used for unauthorized messages or transactions; or modifying data that will change the outcome of a situation.

Sometimes, entry occurs when an employee uses unsecured methods to access company email and files. Other times malicious code is inadvertently downloaded that opens a door to the intruder.

3. Availability – Denying Access to Your Information

Do a google search for “hospital hacked” and you’ll find a disturbing trend, but the use of ransomware for extortion is not limited to the healthcare field. Sometimes information is the target of an availability attack, and sometimes access to a machine or network is the goal.

Whether it is denial-of-service (DoS), or holding data hostage, the motive can be the payment of ransom or a major disruption of operations that will damage the company’s reputation and ability to do business. The increasing number of devices connected to the internet — from smartphones to manufacturing machinery — has provided more targets for malware and availability assaults. Small businesses might think they are immune from attacks but they are actually easy and plentiful targets.

Common Cybercrime Tactics

Now that you know why cybercriminals may be attacking your system, here are some common ways they will try to obtain your data and ways to notice, prevent, or fix it.

Phishing

Phishing attacks are the most common security breaches. Cybercriminals use email, social media, or other forms of communication to steal data or gain access to networks. Phishing techniques include embedding a link in an email that redirects employees to a website that asks for sensitive information. That’s one of the more common and well-known tactics. We’ve all been warned not to put a password into sites we’ve been directed to via email. But during a hassle-filled day, how many remember?

How to Protect Your Business

Employee training helps with this one. After training, some companies even test employees by using a product that sends fake phishing emails to staff and report to executives how many were opened. This helps you understand how effective your training programs are and refine them to be more interactive and include employee participation.

But you should also be using spam filters to recognize and prevent emails from suspicious sources from even reaching the inbox of employees.

To further protect against phishing attacks, ensure passwords are continually reset and that they’re complex. You should deploy a web filter to block malicious websites and encrypt all sensitive company information. You could even disable HTML email messages. Deploy two-factor identification to prevent hackers who do have one form of user credential — such as a password — from gaining access to a website.

Malware

Malware is an abbreviation of “malicious software.” The software is specifically designed to gain access to or damage a computer. The term refers to a broad swatch of cybercrime tactics including spyware, viruses, worms, Trojan horses, adware, and botnets, all of which can infiltrate a computer and send information stored in the company back to cybercriminals.

How to Protect Your Business

First things first, determine if your machines are already being compromised. After that, stay on the lookout for future attacks and take measures to protect against them.

You’ll need to be aware of how the malware or botnet will manifest in your environment. For example, you won’t see your computers slow down, as infected computers were prone to do in the past. The malware out there today knows to do its work on a computer when the computer is idle, for fear of calling attention to itself. So, when all is quiet, there could be an issue.

One way to determine the presence of an attacker is to scan outbound communications records to find communications to suspicious domains. Look at your DNS server to see if you have outbound requests to web sites that end in .ru or .cn. Unless you’re doing a lot of business with companies in Russia or China, communication with those countries should be investigated because a huge percentage of malware comes from them. Frequent communication with sites in those countries is a strong sign your IT equipment may be compromised.

Take action to prevent attacks by ensuring all your computers on a network aren’t running the same operating system. Reinforce to employees the importance of staying away from suspicious websites and not clicking on email attachments.

Ransomware

Ransomware, often spread through email attachments, is a type of malware. But unlike malware, which self-destructs or flies under a company’s radar, ransomware attacks alert users their data has been compromised. What’s the logic? Like the name implies, ransomware creators profit by holding your data for ransom. The attacks can lock devices and render them useless until you make an online payment. Or they lock you out of your data until you pay the ransom specified by the attacker in return for access to your own data.

How to Protect Your Business

The first step to protect yourself is to establish best practices that you expect all users to follow. Be sure they’re properly trained on malware prevention. This includes not opening suspicious emails or clicking on links within emails. Inform your users that documents seemingly not directly related to the web, such as PDF documents that contain live links or Javascript can link to botnets or malware.

You’ll also want to regularly update your antivirus software.

Not too long ago, people updated their antivirus software once a month. Now, it should be at least hourly, but bigger firms often update constantly because things develop that quickly.

And don’t forgo the endless routine of installing software patches to mend holes through which botnets and malware could slip.

Identity theft

Identity theft is a fairly well-known cybercrime tactic, though employees are still vulnerable — thus, making their employers vulnerable, as well. Identity thieves gain access to an employee’s personal information and use it to their own ends.

How to Protect Your Business

Many of the practices used to combat phishing attacks work here, too, because phishing is the ultimate form of online identity theft.

Cybercriminals can send emails that seem as though they’re from an employee’s colleague or business contact. Ensure employees never email personal or financial information, even when they know the recipient. Employees should never give any type of business information via the internet whether on a website or by email.

Scams

Scams are carried out through email, social media, and mobile apps. Since these can take place via social media — scammers pose as people’s friends or make up profiles, gain trust, and ask for pertinent business or personal information — you may consider placing all social media sites behind a firewall. This can be hard to do if employees need access to certain social media sites, like LinkedIn, for work.

How to Protect Your Business

Ensure employees are familiar with the latest scams. Some of them appear to be from social media sites like Facebook or Twitter and claim an employee’s account has been closed or canceled. The email provides a link to click on to reinstate the account. Clicking on the link gives cybercriminals enough information to hack into accounts or can install malware onto a computer.

Another scam seems to be from executives or another employee in your company and asks for sensitive information like W-2 or wage statements. If the person receiving the email thinks it’s real, the cybercriminal gains access to employees’ personal information and your business information.

Other scams look like emails from shippers and claim to offer tracking information for a package sent to an employee. Click on the link in an email and a virus is loaded onto the computer, smartphone, or tablet the employee has used to access email. Such a virus can capture every keystroke to get username, password, and sensitive business information.

The scams may change but the takeaway is simple. You can appraise employees of current scams, but the bottom line is they shouldn’t click on any link or open an attachment in an email they weren’t expecting. You may need to send out weekly reminders.  

Cybersecurity is a Business Concern

Assess your risk for cybercrime by first considering the information that you use and store in your business. Then, consider the damage that would result if you were the victim of a confidentiality, integrity, or availability cyber attack. Undoubtedly, security is not just an IT concern. It’s a business concern. The reason why many companies are falling behind in this area is because they lack expertise.

Managed IT Service Providers partner with companies to bring cybersecurity expertise and technology tools to help thwart the growing threat of cybercrime. The best IT support companies include security as a customized IT strategy that is aligned with business goals.

download our cybersecurity ebook

Topics: Cybersecurity