Motivations, methods and practical attacks by cybercriminals
Cybercrime causes massive problems for society - personally, financially and in matters of national security.
For example, in 2016 fraud losses on UK-issued payment cards totalled £618 million (Source: Fraud Facts 2017, Financial Fraud Action UK). Attackers do this by stealing payment card details and by exploiting vulnerabilities in hardware, software and network systems.
What makes cybercrime different from other types of crime is that it happens on a large scale, at speed and in the background. By the time we realise, if we ever do, it is already too late. Something that starts as a hobby or as small attacks may grow into a significant threat. For example, Globalscape ranks cybercrime a bigger national threat than terrorism.
Why do the attackers do it?
People committing cybercrimes do not fit into a single stereotype. They do it either for monetary gain (for example, on 12 February 2019 a gang in the UK was jailed for 9 years for a £200,000 fraud) or for social status or curiosity. Cybercrime can also be an unwanted result of testing in an uncontrolled environment.
Because of the internet, cybercriminals have no limits, no boundaries, and no rules to obey. They can be anyone - from a lone teenager to a more organised crime group or a modern organisation, some of them even operating 24/7.
Now, let us explore some cybercriminal methods and investigate how crime in online payments works.
Credit card details and personally identifiable information remain highly desirable in the payments underworld; criminals also target login credentials.
How do they do it?
There are multiple ways in which bad people create chaos and steal money or data. Examples include:
- card data harvesting
- denial of service attack (DoS)
- phishing (discussed)
- malware attacks.
Card data harvesting
This is carried out by brute-force methods in which attackers explore the system to discover portions of the network that are inadequately secured. At large organisations where the data architecture is highly sophisticated, card information can be spread over different isolated pockets and systems across the network. This distributed data structure could be the result of years of iterative development and operational effort. The usual architectural approach, especially for online payments, makes it incredibly difficult to keep a record of the repeated attempts an attacker could make on a single card to learn card data (Source: Financial Institutions, Merchants and Cyber threats, Aite 2013).
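An added example, not part of the original article: a detector that merges decline events from two separately run systems and counts them per card, which is the record-keeping the paragraph above says a distributed architecture makes difficult. The system names, card tokens (used in place of card numbers), window and threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed declines per card per window that raise an alert

# Constructed sample events: (timestamp, card token, outcome), one list per system.
WEB_CHECKOUT = [
    ("2024-01-01T10:00:05", "tok_A", "declined_cvv"),
    ("2024-01-01T10:00:40", "tok_A", "declined_cvv"),
    ("2024-01-01T10:01:10", "tok_A", "declined_expiry"),
    ("2024-01-01T10:02:00", "tok_B", "approved"),
    ("2024-01-01T10:03:00", "tok_C", "declined_cvv"),
]
MOBILE_API = [
    ("2024-01-01T10:01:30", "tok_A", "declined_cvv"),
    ("2024-01-01T10:02:15", "tok_A", "declined_cvv"),
    ("2024-01-01T10:03:45", "tok_A", "declined_expiry"),
    ("2024-01-01T10:04:00", "tok_B", "declined_cvv"),
    ("2024-01-01T13:00:00", "tok_C", "declined_cvv"),
]

def declines_by_card(*sources):
    """Collect decline timestamps per card token across every system given."""
    merged = defaultdict(list)
    for events in sources:
        for ts, token, outcome in events:
            if outcome.startswith("declined"):
                merged[token].append(datetime.fromisoformat(ts))
    return merged

def flag_cards(by_card, window=WINDOW, threshold=THRESHOLD):
    """Return {token: peak declines in one sliding window} for cards at or over threshold."""
    flagged = {}
    for token, times in by_card.items():
        times = sorted(times)
        start = 0
        for end, now in enumerate(times):
            while now - times[start] > window:  # drop declines older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[token] = max(flagged.get(token, 0), count)
    return flagged

if __name__ == "__main__":
    print("web only:   ", flag_cards(declines_by_card(WEB_CHECKOUT)))
    print("mobile only:", flag_cards(declines_by_card(MOBILE_API)))
    print("merged:     ", flag_cards(declines_by_card(WEB_CHECKOUT, MOBILE_API)))
```

Each system on its own stays under the threshold for every card; only the merged view shows one card accumulating declines across both channels within the window.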
A denial of service (DoS) attack is performed on a website in an attempt to make it unusable. Today, almost all websites can respond to thousands of requests in the blink of an eye. However, if the same website is hit with billions or even trillions of requests at the same time, it gets overloaded and stops responding. Attackers maliciously take control of several computers worldwide and use them as a unit (otherwise known as a botnet) to bring down the website. This type of attack is called a Distributed Denial of Service (DDoS) attack.
As mentioned in the 2013 eCommerce Cyber Crime Report by Ponemon:
A DoS attack can cost a retailer $3.4 million in losses for 1 hour of downtime on Cyber Monday, not to mention the reputational losses associated with brand damage and reduced consumer confidence.
Computer malware is an executable program that is engineered to harm legitimate software processes. Typically, it is designed so that it can spread across multiple computers that are connected through a network. There are several ways in which attackers trick their victims into installing malware on their computers. Well-known methods include fake software updates and counterfeit software applications downloaded from bogus websites.
Computer malware can further be categorised into viruses, spyware, trojans, adware and rootkits. Kaspersky have published a useful list of FAQs on this topic.
© Newcastle University