Cybercrime is commonly defined as any unlawful action against the integrity of a specific computer site or perpetrated using a computing device. This definition is based on the use of computing resources. Indeed, the definition applies whether the computer is used by the criminal to perpetrate an offence or a conventional crime (scam, threat, etc.) or the computer is the target of the criminal (theft, fraudulent use or destruction of data, etc.).
This type of attack uses technologies associated with information and communication networks as a medium. Generally, the goal is to take advantage of the credulity of users to acquire confidential information from them and then use it unlawfully.
There are all sorts of conventional offences and their number is constantly increasing. The classic examples are as follows:
These are ‘traditional’ crimes and offenses transposed to digital information and communication networks.
These attacks are essentially motivated by greed (the search for any type of gain, financial or material) or immoral, unhealthy and improper behaviours (such as paedophilia, prostitution rings, racism, revisionism, etc.).
This type of attack has changed significantly since its advent; it essentially exploits the many vulnerabilities of computer resources. The most common attacks are as follows:
A technological attack can be based on one or a combination of several of the following reasons:
They target the confidentiality, the integrity or the availability of a computer system (or a combination of all three).
To deploy malware, the hacker typically focuses on one of the following alternatives:
Opportunistic attacks do not directly target particular people or organisations; the goal is to reach as many victims as possible, whoever they may be. Most people and organisations are vulnerable to this threat.
Here are some common steps for this type of attack:
Malware is a tool that gives the attacker absolute control over the computer of his/her victims. It is, therefore, the cornerstone of many opportunistic attacks.
Reaching a large number of victims requires good distribution. Whether for a scam or to infect computers, a wide audience must be reached. Sending emails or spam on social networks can be a very good method.
A web presence is important not only for legitimate organisations, but also for cybercriminals, who create phishing sites, advertisements, scams, pages containing an exploit that will infect the computers of Internet users…
Targeted attacks can be very difficult to counteract. It all depends on the energy and time deployed by the criminal group. In general, a well-organised, targeted attack is likely to succeed when the attacker focuses exclusively on the victim.
These attacks can take place in different stages. Below, you will find some important steps involved in this type of attack.
Before attacking a particular target, the hacker generally assesses any information that might help him/her map the targeted organisation or individual (snapshot). A list of telephone numbers or emails posted on the Internet can be the key to attacking an organisation.
Sometimes hackers test the target systems to see if they are active and determine if there are any vulnerabilities. This can trigger alarms and often does not give convincing results; it is therefore reserved for certain specific fields of application only.
Often, attacking computer systems is impossible because they are highly protected. In the case of social engineering, rather than using a technical flaw of the system, the perpetrator will exploit the credulity of a human being. The perpetrator will, for example, pretend to be someone else related to the user in order to gain access to information such as a password. This scenario has become common practice; hackers often use psychological pressure on an individual or invoke urgency, to quickly obtain the desired information.
Often the perpetrator will attempt an attack using a trapped email containing a ‘Trojan horse’ hidden in a program, which, once activated by the user, may allow the perpetrator to take remote control of the victim’s computer.