“Part II“

In Part I of What is Cybersecurity we talked about the difference between cybersecurity and information security and also discussed the different types of cybersecurity and attacks and the prevention measures that can be taken to avoid such attacks. In this article, we will discuss further on the threat actors, their motivation and the different types of cybercrimes happening nowadays globally.

What is Cyber Crime?

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. Where a computer has been used in committing any crime, Cybercrime may threaten a person, may threaten a nation’s security and financial health of a country/organization/person.

Cybercrime can be classified into two types;

1. Cyber – Dependent Crime
2. Cyber-Enabled Crime

Cyber-Dependent Crime:

Cyber Dependent crimes are breaches that are committed using a computer, computer networks or other forms of information communications technology (ICT) devices. These acts include the spread of viruses or other malware, hacking and distributed denial of service (DDoS) attacks. i.e, crimes which range from an attacker changing your profile photo in your social network to stealing your car using special devices falls under cyber- dependent crime.

Cyber-Enabled Crime:

These are crimes which can be increased in their scale or reach by the use of computers and can be performed without the use of the computer or computer networks or other forms of information communications technology (ICT) devices. Examples of cyber-enabled crimes are fraud, theft, cyberbullying, harassment, defaming, misuse of information etc. 

Threat Actors in Cyberspace:

Threat Actors also commonly known as hackers/attackers is one of the most commonly used terms in cyberspace because they are the opponents of the systems from whom we secure ourselves.

The attackers are usually outsiders but can also be from inside the organisation.

There are different types of attackers;

Script Kiddies:

A script kiddie is an unskilled individual who uses pre-existing scripts or programs available on the internet/darknet and tries to attack a computer system or network. The script kiddies are not sophisticated in their attacks and do not have any funding to perform the attack.

Hacktivist:

Hacktivist comes from the two words hack and activism. Hacktivism is a process of breaking into a system for politically or socially motivated reasons. This may be to prove a point or to defame a particular body. These types of attacks are usually external and with very less funding.

Organized Crime:

Organized crime is the most dangerous type when compared to the others because they have a lot of funding to perform attacks and some of the groups are supported politically.

These are external attacks and are done solely for profit.

Nation State:

Nation states usually attack the public and private sector to steal, modify, delete information. They work for the government and target government organisations or individuals to steal valuable data and cause a significant incident.

Insiders: 

Insiders are one of the most dangerous threat actors. They pose a major threat to an organisation. Since insiders have access to the system and network and are fully aware of the network and know where the network is vulnerable to an attack. This fact makes it harder to detect and protect against.

Competitors:

Competitors are external threat actors who look to harm the reputation of their competitors by defaming them, performing a DOS and rendering their service unavailable or espionage to steal valuable information.

Broad Classification of Cybercrime:

Cybercrime is a broad term used to represent a wide range of activities. There are a significant amount of cyber threats on the internet. Below we see the major threats in cyberspace which raise concern among internet users.

Computer Fraud:

Computer fraud comes under cybercrime and as the name suggests it is the act of accessing a computer to steal information or to modify valuable information. According to Computer Misuse act 1990(CMA), it is a punishable offence with punishments ranging from 12 months to 10 years imprisonment. The following are the clauses mentioned in the CMA 1990;

1. Unauthorised access to computer material 
2. Unauthorised access with intent to commit  further offences 
3. Unauthorised acts with intent to impair the operations of a computer

Cyber-Terrorism:

The scope of the attack and the damage that can be caused is high in this case and the government organisations and the national bodies should be careful because they are one of the main targets. Cyber-terrorism can be defined as the use of computer network tools to shut down critical national organisations and thereby threaten them significant damage, loss of life etc.

Sabotage: 

Sabotage can be defined as deliberately weakening or destroying an economic or military system. This is usually a technical attack and can lead to physical destruction and overt violence.

Espionage:

Espionage or spying is an act of stealing valuable and confidential information for the sake of achieving a goal. The main aim of such an attack is not to render an organisation unavailable or down but to collect information and achieve a goal using the information.

Subversion:

The deliberate attempt to undermine the authority, integrity, and the constitution of established authority. For example;

1.  Undermine a government’s authority 
2. Undermine an organisation’s authority 

Cyberstalking:

Cyberstalking is defined as the continuous usage of the internet to annoy, alarm, stalk or harass an individual. There are different form of cyberstalking;

1. Harassment
2. Humiliate 
3. To instil fear 
4. Damage the reputation of the victim
5. To locate personal information of the victim.

The UK Legal Framework Protection from harassment act 1997 punishes anyone who does any of the above-mentioned things to the target victim.

Cyberbullying:

The main target of Cyberbullying are children and people who can’t defend themselves. Cyberbullying typically focuses on mocking and humiliating a particular individual and is also based on the individual’s sexual behaviour, weight, appearance or other similar physical characteristics.

Creating awareness and staying safe is one of the best measures one can take in order to protect themselves from any kind of attack. With the number of people connected to the internet in the 21st century, we are easy targets for cybercriminals to attack us in any form. People are becoming the prime targets as there are a huge number of us using the internet. So it is important for us to be aware of how the internet works and create awareness among children about the different types of consequences they may face on the internet if exposed.

If your system is compromised or if you would like to be prepared you can contact us at info@rootfloe.com for a free consultation.

Shivashankar Saravanan

Shivashankar is a Business Associate at Rootfloe and has a masters degree in Cyber security from Royal Holloway University of London.

https://www.rootfloe.com
Business Associate