Who Are Cyber Criminals?
Cyber crimes have quickly become one of the fastest rising forms of modern crime. According to cyber experts, approximately 1 million potential cyber attacks are attempted per day, and with the evolution of mobile and cloud technologies, this number is likely to increase. To help mitigate this growth, businesses and corporations have been expanding their cybersecurity teams and efforts. Yet, in order to accurately identify potential hackers and/or attacks, cyber security teams should possess a firm understanding of who cyber criminals are, what techniques they use and what counter-initiatives can be implemented in order to protect and prevent future cyber crimes.
Common Types of Cyber Criminals
Cyber criminals, also known as hackers, often use computer systems to gain access to business trade secrets and personal information for malicious and exploitive purposes. Hackers are extremely difficult to identify on both an individual and group level due to their various security measures, such as proxies and anonymity networks, which distort and protect their identity. Cybersecurity experts assert that cyber criminals are using more ruthless methods to achieve their objectives and the proficiency of attacks is expected to advance as they continue to develop new methods for cyber attacks.
The growth of the global cyber criminal network, which is largely credited to the increased opportunity for financial incentives, has created a number of different types of cyber criminals, many of which pose a major threat to governments and corporations.
1. Identity Thieves
Identity thieves are cyber criminals who try to gain access to their victims’ personal information – name, address, phone number, place of employment, bank account, credit card information and social security number. They use this information to make financial transactions while impersonating their victims.
Identity theft is one of the oldest cyber crimes, gaining prominence during the early years of the Internet. Initially, these cyber criminals leveraged basic hacking techniques, such as modifying data and leveraging basic identity fraud to uncover desired information. Today, the practice has progressed in scope and technique due to advances in computing, and now, many identity thieves can hack into a government or corporate database to steal a high-volume of identities and personal information. This expansion of strategy has resulted in major losses for companies and consumers, with recent studies indicating that approximately $112 billion has been stolen by identity thieves over the past six years.
2. Internet Stalkers
Internet stalkers are individuals who maliciously monitor the online activity of their victims to terrorize and/or acquire personal information. This form of cyber crime is conducted through use of social networking platforms and malware, which are able to track an individual’s computer activity with very little detection. The motives for such attacks can differ depending on the cyber criminal, but many internet stalkers seek to acquire important information that they can use for bribery, slander, or both. Businesses should be aware of internet stalkers, as well as the strategies that they utilize, in case their employees are ever victims of this cyber attack. If left unaddressed, internet stalkers could cause emotional distress to the team or even obtain data for blackmail.
3. Phishing Scammers
Phishers are cyber criminals who attempt to get ahold of personal or sensitive information through victims’ computers. This is often done via phishing websites that are designed to copycat small-business, corporate or government websites. Unsuspecting computer users often fall prey to such activities by unknowingly providing personal information including home addresses, social security numbers and even bank passwords. Once such information is obtained, phishers either use the information themselves for identity fraud scams or sell it in the dark web. It’s important for businesses to constantly be aware of phishing scams, particularly scams that may be trying to copycat their own business site. Such sites can tarnish the company’s reputation and brand, which could potentially lead to a decrease in earnings.
4. Cyber Terrorists
Cyber terrorism is a well-developed, politically inspired cyber attack in which the cyber criminal attempts to steal data and/or corrupt corporate or government computer systems and networks, resulting in harm to countries, businesses, organizations and even individuals. The key difference between an act of cyber terrorism and a regular cyber attack is that within an act of cyber terrorism, hackers are politically motivated, as opposed to just seeking financial gain.
Cyber Crime Techniques
There are a number of techniques that cyber criminals leverage to access personal and private networks. Some of the most common include:
• Botnet – a strategically developed network of bots which crawl the backend of the web to spread malware with very little detection.
• Zombie Computer – a computer which is deliberately hacked by cyber criminals in order to gain access to and/or attack a private network.
• Distributed Denial of Service (DDoS) – with a DDoS attack, cyber criminals are not necessarily seeking to access data, but rather are hoping to shut down a network via an overload of junk data. An example of a DDoS attack occurred on Friday, October 21, 2016, when cyber criminals shut down a number of highly utilized websites, including Twitter, Spotify and Amazon.
• Metamorphic Malware – one of the more advanced techniques, metamorphic malware, repeatedly adjusts its code, making it extremely difficult to detect by even the most advanced anti-virus software. Experts predict that by the end of 2017, there will be an emergence of malware that can infiltrate networks, steal information and cover up their activities. These forms of malware will make it difficult for government agencies and businesses to establish the extent to which data has been tampered with, as well as prevent law enforcement from pursuing and prosecuting the offenders.
Countermeasures Against Cyber Attacks
To help protect their organization from cyber attacks, there are a number of countermeasures that information security professionals can implement. While the best strategy is to take a holistic approach, some common individual countermeasures include:
• Network Encryption – a security protocol implemented at the network level which encrypts data so network access is limited to authorized computers.
• Proxies – a security strategy which connects users to a remote location so that their data and information is encrypted. Proxies can allow users the ability to manipulate their shared information so a potential hacker would acquire wrong or misleading data.
• Firewalls – a network wall which helps users prevent access from dangerous parties.
• Cyber Liability Insurance – legal protection that can protect a business or organization from liability during a data breach. Cyber liability insurance has become important with the increasing number of social security and credit card numbers stolen.
Cyber crime has steadily become one of the downsides of technological advancement. Cyber criminals are increasingly using top-notch tools and strategies to carry out well-coordinated attacks on the web. To help prevent and protect against future cybersecurity attacks, information security professionals should take a holistic approach to protecting their infrastructure, incorporating countermeasures such as network encryption, proxies, firewalls and cyber liability insurance. Furthermore, information security professions should remain proactive in educating themselves on the latest techniques and technologies within the industry for managing cyber attacks.
As the nation’s oldest private military college, Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.
At Norwich University, we extend a tradition of values-based education, where structured, disciplined, and rigorous studies create a challenging and rewarding experience. Online programs, such as the Master of Science in Information Security & Assurance, have made our comprehensive curriculum available to more students than ever before.
Norwich University has been designated as a Center for Academic Excellence in Cyber Defense Education by the National Security Agency and Department of Homeland Security. Through the program, you can choose from the five unique concentrations that are designed to provide an in-depth examination of policies, procedures, and overall structure of an information assurance program.