Projections indicate that the global cost of cybercrime is expected to increase dramatically, rising from $8.44 trillion in 2022 to a staggering $23.84 trillion by 2027. Fueled by advances in technology, the proliferation of connected devices and cloud services along with a pandemic that forced a digital transformation, cybercrime continues to explode with significant impacts to individuals, organizations, and governments around the globe. Combating cybercrime is a highly complex and ever-evolving challenge due to the dynamic nature of the threat landscape. And understanding the threat landscape requires in-depth threat intelligence on the identity of cybercriminals, their preferred attack techniques, their motives, operational tactics, their areas of focus, and more. This article aims to offer a comprehensive overview of cybercrime, including an examination of various types of cybercrime, the underlying motivations, the societal impact, and current efforts to prevent and combat it.
What is Cybercrime?
Cybercrime is any criminal activity involving the use of computers, networks, connected devices, or other technology to commit illegal activities. The reliance on internet connectivity has facilitated an increase in the volume and pace of cybercrime activities, making these types of crimes easier to carry out due to factors such as the internet’s speed, convenience, anonymity, and lack of borders.
For the attackers and criminals, cybercrime is a lucrative business that generates hundreds of millions in annual revenue for its operators. The cybercriminal network is vast, complex, and operates using the same strategies, tools and tactics as legitimate businesses.
- Product or Service: Like legitimate businesses, cybercriminals often have a product or service to offer, such as ransomware-as-a-service, phishing kits, malware, stolen information, or access to compromised systems.
- Marketing and Advertising: Cybercriminals use a variety of marketing and advertising strategies to promote their products or services. This can include spamming, phishing, and other forms of social engineering.
- Distribution: To distribute their products or services, cybercriminals use a variety of methods such as email, instant messaging, and malicious websites.
- Sales: Cybercriminals sell their products or services, often through underground marketplaces, in exchange for money or other forms of payment.
- Support: Some cybercriminals also provide customer support and technical assistance to help customers use their products or services effectively.
- Scaling: Cybercriminals often aim to scale their operations in order to increase revenue and profits. This can involve automating tasks, expanding into new markets, and recruiting new members to their organizations.
- Continual Innovation: Cybercriminals are continually innovating, developing new techniques, tools and methods to evade detection, maximize their profits and increase their reach.
Who Are the Cybercriminals?
Cybercriminals can come from a variety of backgrounds and have different motivations for their actions. Some are highly skilled and well-funded, while others are amateur hackers. Regardless of their level of expertise, all cybercriminals have the potential to cause significant harm to individuals, organizations, and society as a whole. Below are the most common types of criminals.
- Organized Crime Gangs: Criminal organizations that use cybercrime as a means to generate revenue. They may engage in activities such as money laundering, extortion, and drug trafficking using cyber tools.
- Nation-State Sponsored Threats: Countries that use cybercrime to gain an advantage over other nations. This can include espionage, sabotage, and influence operations.
- Insider Threats: Individuals or groups within an organization who engage in cybercrime, whether for personal gain or other reasons.
- Ransomware-as-a-Service (RaaS) Operators: Criminal organizations that provide ransomware as a service to other attackers. They typically handle the technical aspects of an attack, such as the malware development and distribution, while the customer focuses on the target selection and ransom negotiations.
- Novice Attackers: Individuals who may not have a high level of technical skill but still engage in cybercrime, such as using pre-made tools or stolen credentials.
- Black Hat Attackers: Ethically-questionable or malicious hackers who use their skills to exploit vulnerabilities for personal or financial gain.
Types Of Cybercrime
Cybercrime can be incredibly complex and few cybercrimes fit neatly into a single category. In this section, we will delve into the different forms that cybercrime can take, including computer and network intrusions, online fraud and identity theft, distribution of malware and ransomware, cyberstalking and online harassment, intellectual property theft, illegal online gambling and money laundering, child pornography, terrorism, or other illegal activities committed through the internet.
Computer and Network Intrusions
One of the most common types of cybercrime is computer and network intrusions, where cybercriminals gain unauthorized access to computer systems and networks to steal sensitive information, disrupt operations, or install malware. This can be done by exploiting vulnerabilities or using stolen credentials. Cybercriminals may also install malware such as viruses, trojans, or ransomware, launch Distributed Denial of Service (DDoS) attacks, or eavesdrop on network traffic.
Online Fraud And Identity Theft
Another type of cybercrime is online fraud and identity theft, where cybercriminals use social engineering tactics to trick individuals into giving up sensitive information or money. This can include phishing scams, investment scams, employment scams, and online shopping scams.
Distribution Of Malware And Ransomware
Cybercriminals also engage in the distribution of malware and ransomware, using methods such as malicious email attachments, malicious websites, and malicious software downloads to spread malware and ransomware to unsuspecting victims.
Cyberstalking And Online Harassment
Cyberstalking and online harassment is also a form of cybercrime, where cybercriminals use social media, messaging apps, or other online platforms to stalk and harass individuals, often with the intent of causing emotional distress. Examples include sending threats, sharing personal/private information without consent, and impersonating others.
Intellectual Property Theft
Cybercriminals looking to commit intellectual property theft steal or distribute copyrighted material without permission. This can include the distribution of pirated software, music, movies, or other digital content.
Illegal Online Gambling and Money Laundering
Cybercriminals who use online platforms to engage in activities like illegal online gambling or money laundering make up another category of cybercrime. The legality of online gambling can vary greatly depending on geography and local laws.
Child pornography is another cybercrime category that deals with online pornography, child sexual abuse material, and child exploitation facilitated by the Internet. Organizations like the Internet Watch Foundation (IWF), and the National Center for Missing and Exploited Children (NCMEC) are dedicated to protecting children from trafficking and exploitation.
Cyberterrorism, per the U.S. FBI, is defined as “premeditated, politically motivated attack against information, computer systems, computer programs and data, which results in violence against noncombatant targets by subnational groups or clandestine agents.”
Complexities and Overlaps in Cybercrime
Understanding the different types of cybercrimes making up the threat landscape is essential in order to effectively protect against them and mitigate the potential damage they can cause. As noted earlier, the nature of cybercrime is increasingly complex and the types of crimes listed above are not mutually exclusive. In fact, a key characteristic of cybercrime is its complexity, with cybercriminals intermingling and overlapping multiple threat vectors and tactics to carry out an attack.
If a cybercriminal gains unauthorized access to a network through a computer intrusion, they can use that access to steal sensitive information and install malware or ransomware that can then be used to launch a Distributed Denial of Service (DDoS) attack on another organization, disrupting their operations, or to exfiltrate or destroy data.
Cybercriminals who use phishing scams to persuade individuals to give up sensitive information can then use that stolen information to carry out fraudulent activities such as identity theft, online shopping scams, extortion, or money laundering, or to fund terrorist activities.
Attack Types and Methods
Cybercriminals are continually devising new methods to exploit vulnerabilities, targeting individuals and organizations by combining any number of different tactics which may include exploiting unpatched software, using stolen credentials, or leveraging social engineering and phishing to take advantage of human fallibility. While cybercriminals use numerous methods to compromise their targets, these are some of the most common and dangerous attack types.
- Social Engineering: The use of manipulation and deception to trick individuals into giving up sensitive information or money.
- Phishing: The use of fake emails, websites, or text messages to trick individuals into giving up sensitive information or money.
- Malware and Ransomware Attacks: The use of malicious software to gain unauthorized access to computer systems, steal sensitive information, or disrupt operations.
- Distributed Denial of Service (DDoS) Attacks: The use of multiple compromised systems to flood a targeted website or network with traffic, disrupting access to the targeted resource.
- SQL Injection Attacks: The use of malicious SQL code to gain unauthorized access to sensitive information stored in a database.
- Cross-Site Scripting (XSS) Attacks: The use of malicious scripts to gain unauthorized access to sensitive information stored in a website.
- Password Attacks: Attempts to crack or guess passwords to gain unauthorized access to computer systems or networks.
- Man-in-the-Middle (MITM) Attacks: The use of a compromised system to intercept and manipulate network traffic, allowing the attacker to steal sensitive information or alter communication between two parties.
- Spear Phishing: Targeted phishing attacks directed at specific individuals or organizations.
- Drive-by Attacks: The use of malicious code on a website to exploit vulnerabilities on a user’s computer and gain unauthorized access.
- Watering Hole Attacks: The use of malicious code on a website frequented by a specific group of individuals or organizations in order to target them specifically.
- Malvertising: The use of malicious ads on legitimate websites to spread malware or steal sensitive information.
- Clickjacking: The use of manipulation techniques to trick users into clicking on links or buttons that they did not intend to click.
- Smishing: The use of text messages to trick individuals into giving up sensitive information or money.
- Vishing: The use of phone calls to trick individuals into giving up sensitive information or money.
- Advanced Persistent Threats (APTs): A type of cyber-attack that is characterized by a prolonged, planned and targeted attack by a highly skilled and determined adversary.
- Physical Attacks: The use of physical means to gain unauthorized access to computer systems or networks, such as stealing a laptop or using a USB drive to spread malware.
Cybercrime Motivations: Financial Gain, Espionage, and More
While the motivating factors behind cybercrime ultimately depend on who’s behind the attack, it’s primarily driven by financial gain and political or ideological goals such as espionage, revenge, hacktivism, and thrill-seeking.
The most common motivation behind cybercrime is financial gain (nearly 86% according to Verizon). After all, it’s a big business that entices criminal activity with the allure of massive payouts. There are various methods cybercriminals can employ to generate profits, such as stealing credit card information to make fraudulent purchases, extorting money through ransomware attacks, selling stolen personal information on the dark web, or using botnets to launch DDoS attacks and charging fees to stop the attack. Additionally, cybercriminals can steal intellectual property or trade secrets and use them to gain an unfair advantage in the market.
Espionage or National Security Threats
The second most common motivation behind cybercrime is espionage. Nation-states, organizations, and other actors use cyber espionage to gain access to sensitive information and intellectual property from other countries, organizations, or individuals. This can include sensitive government information, trade secrets, or other confidential information that could lend an advantage in economic, political, or military matters. Cyber espionage can also be used to steal sensitive personal information of citizens, or used to disrupt critical infrastructure. State-sponsored actors, criminal organizations, and other threat actors may use a variety of techniques such as spear phishing, malware and advanced persistent threats (APTs) or other sophisticated tactics which are difficult to detect and, therefore, prevent.
Politics or Activism
Those referred to as hacktivists generally have a political or ideological agenda that drives their actions. These threat actors use cyber attacks to protest against government policies or promote a particular cause. Their targets may be governments, organizations, or corporations that they perceive as acting against their beliefs or values. Hacktivists often resort to Distributed Denial of Service (DDoS) attacks, website defacement, and data leaks to disrupt the operations of their targets and draw attention to their issue. Hacktivists can be individual activists, groups, or even state-sponsored actors.
Personal Revenge or Grudges
Some cybercriminals are personally motivated to seek revenge for a perceived injustice. These revenge-seeking cybercriminals can be individuals, groups or nation-states that look to target individuals, organizations, or governments they believe have wronged them. They might deface websites, leak personal information, or launch DDoS attacks to cause harm or to disrupt the targeted individual or organization.
Impacts of Cybercrime
From financial loss, to reputational damage, to stolen sensitive information, and more, cybercrime can have a wide range of negative impacts on individuals, organizations, and even entire economies.
Economic Costs Of Cybercrime
As financial gain is the primary motivator for cybercrime, financial loss and economic costs rank high on the list of the impacts of cybercrime. These losses range from direct financial losses, such as theft of money or credit card information, to indirect losses that stem from lost productivity or revenue due to operational disruption. Cybercrime Magazine estimates that businesses will lose approximately $10.5 trillion USD in 2025, at an estimated rate of $19,977,168 USD per minute, due to cybercrime.
Ransomware attacks are projected to cost as much as $30 billion USD globally over the course of 2023. The financial damage from a ransomware attack goes well beyond the actual ransom payment itself, which, according to Palo Alto Networks, now averages close to $1 million USD. Ultimately, the severity of an attack and the specific circumstances behind it drive the total cost incurred by an individual or organization, but one can expect to face losses related to data recovery, downtime that results in lost productivity, IT resources required for mitigation and remediation, legal costs, sharp hikes in cyber insurance premiums, post-attack security measures, and reputational damage.
Reputational Damage To Businesses And Organizations
Reputational damage may result in the loss of trust and credibility, damage to brand reputation, or loss of customers. This type of damage can be long-lasting and difficult to repair, potentially leading to a significant impact on an organization’s bottom line. In fact, public companies lose an estimated 8.6% of their value following a data breach according to Comparitech.
Disruption Of Essential Services And Infrastructure
Cybercrime poses a serious threat to national security as it can disrupt essential services and critical infrastructure such as financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries. These attacks can have devastating consequences, not only in terms of economic loss, but also in terms of public safety and even loss of life. The widespread ripple effect on society is significant, underscoring the need for robust cybersecurity measures to protect against these types of attacks.
Personal Consequences For Victims Of Cybercrime
Cybercrime can have severe personal consequences affecting not just the victim’s finances, but also their overall well-being. For instance, identity theft can cause not only financial burden, but also emotional distress and loss of privacy. Similarly, cyberstalking and online harassment can have severe psychological effects like fear and anxiety, and may also result in physical harm to a victim. Personal consequences of cybercrime also extend to the professional sphere, where CISOs and other executive leaders may not only lose their jobs, but also face personal criminal liability for attacks against the organizations they are charged with protecting.
Prevention And Protection Against Cybercrime
Preventing and protecting against cybercrime is a critical aspect of cybersecurity. By understanding what the various types of cybercrime are, how they work, and what their potential impacts are, we can develop strategies to prevent and respond to cyber attacks. Below are a number of tools and best practices for cybercrime prevention and protection:
- Security software: Using security software such as antivirus and firewall programs can help detect and prevent cyber attacks by removing malware, blocking unauthorized access to networks and systems, and alerting users to potential threats. It’s important to keep your software and devices up to date with patches and updates to protect against known vulnerabilities.
- Network security: Network security measures such as firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs) can help protect against cyber attacks. These measures can block unauthorized access to networks and systems, detect and prevent intrusions, and encrypt network communications to protect against eavesdropping.
- Cyber Threat Intelligence: Threat intelligence feeds are used to enrich and automate platforms like SASE, SIEM, and XDR to help accelerate security outcomes with richly contextualized IOCs and malicious threat signals.
- Security policies and procedures: Establishing security policies and procedures, such as security awareness training, incident response plans, and regular security assessments, can help prevent and respond to cyber attacks. These policies and procedures are useful for educating users on how to identify and avoid potential threats, and providing guidance on how to respond to cyber incidents.
- Regular software and system updates: Regular software and system updates can help protect against known vulnerabilities and fix security flaws. By keeping software and systems up to date, organizations can reduce their risk of falling victim to cyber attacks that exploit these vulnerabilities.
- Strong Passwords and Two-factor authentication: Using strong, unique passwords and enabling two-factor authentication can provide an additional layer of protection for accounts and sensitive information.
- Regular Data Backup: Regularly backing up data can help organizations quickly recover from a cyber attack, and prevent permanent data loss.
It is important to note that no single solution can completely protect against cybercrime; a multi-layered approach is therefore needed for the most effective protection. A combination of software, network security, security policies, and regular updates can provide the most comprehensive protection against cybercrime.