As Information Technology Communication (ICT) is integrated into daily functioning of businesses, organizations, governments, and individuals, almost everyone depends on ICT for a living, criminals also utilize ICT platforms to carry out crime activities. Computer related criminals use computer as the object of the crime (hacking, phishing, spamming) or as a tool to commit an offense (child pornography, hate crimes). About a decade ago, nations and organizations did not anticipate cybercrime activities we see today. Cybercrime industry is evolving rapidly due to several factors. This paper first discusses the evolution in cybercrime acts. The paper also discusses and describes modern day cybercrime activities as an industry.
The Evolution of Cybercrime Acts
Cybercrime acts have evolved from simple recreational through criminal, hacktivist, organized crime, and state sponsored activities. Cybercrime begun with cyber recreational activities- with limited technical resources and known exploits. Recreational activities later led to Cyber-Vandalism (otherwise known as cybercrime). With limited tools and techniques, criminals could carry out simple to moderate types of cyber destructions. Later, a group of criminals (hacktivists) also emerged. Hacktivists continue to operate as a relentless, emotional groups and individuals who attack systems and networks. Currently, cybercrime has matured to a more advanced form-organized and state sponsored crimes. Organized cybercriminals operate for economic purpose. Criminals in organized crime group are syndicates who have technical resources and skill set to carry out complex cybercrimes. The criminals leverage malware, crimeware and other cyber weapons to carry out their operations. Cybercrime has grown into what is known as State Sponsored Cybercrime-criminal activities sponsored by heads of states. Criminals in this group carry out criminals’ activities for political purpose. The criminals in state sponsored crimes carry out cyber warfare, industrial espionage, attacks on state managed infrastructures, etc.
The Current Cybercrime Industry
Cybercrime activities have come to stay with us and has become an industry by itself. Just as any industry evolves, so does the cybercrime industry. Cybercrime has evolved to more advanced form, including Cybercrime as service; Online Dating; Growth of mobile spam; Crime to the Internet of Things; and the High rate of Ransomware.
Cybercrime as a Service (CaaS): McAfee reported that cybercrime activities have developed into a fully-fledged industry with “suppliers, markets, and service providers”. Criminals in CaaS are into financing, trading systems, and a proliferation of business models. The growth of this industry has been fueled by cryptocurrencies like Bitcoin and the protective cloak for criminals provided by technologies like “Tor”.
Distributed Denial of Service as a Service (DDoSaaS): In recent years, we have observed a resurgence of DDoS attacks. These attacks often exploit vulnerable servers (e.g., DNS and NTP) to produce large amounts of traffic with little effort. We have also observed the surge of application-level DDoS attacks, which leverage corner cases in the logic of an application to severely reduce the availability of the provided service. In both cases, these attacks are used to extort a ransom, to hurt a target organization, or to gain some tactical advantage. As it has happened for many of the components in the underground economy, DDoS has been commoditized as DDoS as a service (DDoSaaS). DDoSaaS service providers buy and direct attacks from criminals 9who pay them) against specific targets (organizations).
Growth of mobile spam: Communication via the Internet, with the help of a keyboard, is now becoming a thing of the past. Spammers are seeking out new ways of delivering their unwanted correspondence across the globe. The volume of mobile spam will grow exponentially, while the cost of Internet-based communications will shrink due to the intensive development of cellular communication systems. The struggle for the means to collect, manage, store and use information, about everything and everybody, will define the nature of threats for the next decade.
Online Dating: Dating websites and apps typically are seeing a surge in activity this time of year as people who felt lonely over holidays try to find someone special with whom to share their life. Online romance scams bilk people out of more than $200 million a year, but humans’ hard-wiring makes the fraudsters hard to stop.
Crime to the Internet of Things: The interconnected advantages and accessibility involved in the Internet of Things (IoT) meant that cyber criminals would likely be interested in ways to compromise this channel. Along with mobile phones, smart devices that make up the Internet of Things have also been relatively free for large scale hacks. Researchers have demonstrated that it is possible to hack things like cars, including being able to apply the brakes of a car by sending the control system of the vehicle through an SMS. In the case of this type of vulnerabilities, car manufacturers have moved to plug security holes quickly in recent times.
High rate of Ransomware: Ransomware is also becoming much more common because the criminals are figuring out more effective ways to monetize it. Individuals as well as organizations are falling victim to ransomware, with organizations typically getting hit by larger ransom demands.
Samuel O Aduafo – Cybersecurity Specialist, AdvancedEvidenceDiscovery Ltd; Institute of Cybersecurity, Ghana, (Member of Institute of ICT Professionals Ghana)
For comments, contact author: firstname.lastname@example.org