
Cybercrime: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Jessica (talk | contribs)
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''Cybercrime''' is the use of electronic communication for criminal activities.<ref>Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.</ref> The concept of cybercrime depends upon the purpose of the term. Cybercrime almost always encompasses acts against the confidentiality, integrity, and availability of computer data or systems. More broadly, the term refers to computer/content-related acts for personal or
'''Cybercrime''' is the use of electronic communication for criminal activities.<ref>Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.</ref> The concept of cybercrime depends upon the purpose of the term. Cybercrime almost always encompasses acts against the confidentiality, integrity, and availability of computer data or systems. More broadly, the term refers to computer/content-related acts for personal or
financial gain or harm.<ref>[https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf Comprehensive Study on Cybercrime, UNODC, 2013]</ref>
financial gain or harm.<ref>[https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf Comprehensive Study on Cybercrime, UNODC, 2013]</ref>
==Organizations==
==History==
The following IGOs, NGOs, and U.S. government agencies are key opponents of global cybercrime.<ref>[https://guides.ll.georgetown.edu/c.php?g=363530&p=4821480 International and Foreign Cyberspace Law Research Guide]</ref><ref>[https://www.fbi.gov/scams-and-safety/common-scams-and-crimes Common Online Scams, FBI]</ref>
'''Proto-cybercrime: Phone Phreaking''' <br/>
In the 1970s, crimes were committed via telephone lines much like they are today via the Internet. The perpetrators, called "Phreakers," figured out that the U.S. telephone system functioned on the basis of tones. Notoriously, [[John Thomas Draper]], [[Steve Jobs]], and [[Steve Wozniak]] reverse-engineered and imitated the tones needed to route long-distance calls. The computerization of telecommunications led to the end of the phreaking era, and the culture shape-shifted into computer hacking.<ref>[https://goosevpn.com/blog/origin-cybercrime The Origin of Cybercrime, GooseVPN]</ref> <br/>
'''Hacking Becomes a Criminal Act''' <br/>
In 1982, [[Ian Murphy]], aka Captain Zap, became the first person to be found guilty of a cybercrime, after hacking AT&T and manipulating its internal clock to enable free calls during peak hours.<ref>[https://smartermsp.com/tech-time-warp-curious-cases-early-hackers/]</ref> <br/>
'''First [[DNS Abuse Responses|Governmental Response to DNS Misuse]]'''<br/>
On Nov. 2, 1988, [[Robert Tappan Morris]] released a worm that halted one-tenth of the Internet and led to the founding of the first Computer Emergency Response Team ([[CERT]]).<ref>[https://www.wired.com/2001/02/the-greatest-hacks-of-all-time/ The Greatest Hacks, Wired]</ref> <br/>
'''First Time a Hacker Makes Most Wanted List''' <br/>
In 1995, the FBI notifies the public that it really wanted to catch [[Kevin Mitnick]] for social engineering attacks and stealing sensitive government and personal financial data.<ref>https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security About Kevin, Mitnick Security]</ref><br/>
'''Expansion of Criminal Operations'''<br/>
In 2019, [[Interisle]] conducted a study on Criminal Abuse of Domain Names Bulk Registration and Contact Information Access, which explained that cybercriminals take advantage of bulk registration services to launch attacks across many domain names and that ICANN’s [[Temporary Specification for gTLD Registration Data]] has had a detrimental effect on cybercrime investigations.<ref>[https://interisle.net/sub/CriminalDomainAbuse.pdf Criminal Domain Abuse, Interisle 2019]</ref>
 
==2021 Cybercrime Reports==  
Current trends in cybercrime revolve around how the COVID-19 pandemic has shaped everyday work/home life and highlighted the importance of cyber networks in maintaining [[Cybersecurity and Infrastructure Security Agency|critical infrastructure]].
* [[PurpleSec]]'s 2021 Cyber Attack Report<ref>[https://purplesec.us/resources/cyber-security-statistics/#SmallBusiness Cybersecurity Stats, PurpleSec]</ref> indicates that:
# Receiving 38% of cyber attacks, the U.S. the number one victim of cybercrime
# 92% of malware is delivered by email
# 43% of cyber attacks target small businesses
# 21% of Financial institutions suffered a [[Watering Hole Attack]] in 2020
# 32% of financial institutions encountered [[Island Hopping]], which refers to attackers using one compromised organization to gain entry into another
# 25% of all malware attacks hit financial industries, more than any other [[CISA|critical infrastructure sector]]
 
* '''[[INTERPOL]]’s ASEAN Desk identified the top cyber threats''' as:<ref>[https://www.interpol.int/en/News-and-Events/News/2021/INTERPOL-report-charts-top-cyberthreats-in-Southeast-Asia INTERPOL ASEAN Desk]</ref>
# [[Business Email Compromise]], as a high-return investment with low cost and risk;
# [[Phishing]], using COVID-19 jargon and misinformation to deceive unsuspecting victims;
# [[Ransomware]], to target medical centers and public institutions, expecting a better success rate due to the pandemic;
# [[E-commerce Data Interception]], undermining trust in online payment systems.
# [[MaaS|Malware-as-a-Service]], are reaching non-technical threat actors and requiring minimal investment;
# Cyberscams, because of the pandemic, more people are conducting transactions and working from home online; and
# [[Cryptojacking]], as the value of cryptocurrencies increases.
 
* '''[[Mandiant]]'s M-Trends 2021 Report'''<ref>[https://content.fireeye.com/m-trends/rpt-m-trends-2021 Executive Summary, 2021 M-Trends Report]</ref>
# 59% of the security incidents investigated by Mandiant last year were initially detected internally by the organizations themselves (12% better than in 2019).
# Ransomware has evolved and now employs various extortion tactics.
# FIN11, a financially motivated threat group, was responsible for widespread phishing campaigns and extortion operations.
# The median dwell time dropped as threat actors capitalized on pandemic-related shifts in work/home life.
# UNC2452, an uncategorized state-sponsored group, engaged in a broad espionage campaign after injecting a backdoor dynamic-link library (DLL) into the [[SolarWinds]] Orion process.
# 63% of attackers used techniques outlined in the [https://attack.mitre.org/ MITRE ATT&CK framework], and 5% of intrusions used over 1/3 of MAF techniques.
# Threat actors exploited vulnerabilities in the infrastructure supporting work at home.


{| class="wikitable" style="float:left; margin-right:5 px;"
* '''[[Spamhaus]]'s 2021 Q2 Report'''<ref>[https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021 Botnet Update,Spamhaus]</ref> <br/>
! Organization !! Focus Areas
This report focused on [[Botnet Attacks|botnet]] [[Command and Control]] activity and compared the findings from Q1 with Q2. Key figures:
# A 594% increase of newly registered botnet C&C domains at [[NameSilo]]! This sudden uptick knocked [[Namecheap]] out of first place.
# Working with the [[FBI]], Spamhaus discovered 1.3 million compromised email accounts; 22,000 compromised domains; and 3,000 compromised networks.
# The three hosting providers with the largest abuse problems and/or worst [[DNS Abuse responses|responses]] to abuse reports are [[Ipjetable]], [[Google]], and [[Microsoft]]. <br/>
Other significant Spamhaus findings:
{| class="wikitable"
! Top 20 Most Commonly Used [[Malware]] Families (ranked)  !! [[Malware#Common Types of Malware Based on Purpose|Function]] !! Most Commonly Attacked [[TLD]]s (ranked) !! Top 20 Geo-Locations of C&C Botnet Servers (ranked)
|-
| Raccoon || dropper || [[.com]] || U.S.
|-
| RedLine || remote access trojan (RAT) || [[.xyz]] || Russia
|-
| AsyncRAT || Credential Stealer || [[.buzz]] || Netherlands
|-
| Loki || RAT || [[.top]] || Germany
|-
| Gozi || RAT || [[.br]] || France
|-
| BitRAT || Credential Stealer || [[.vip]] || Latvia
|-
|-
| [[EC]] Action Against Cybercrime || capacity buidling for compliance with [[Budapest Convention]]
| Oski || RAT || [[.org]] || U.K.
|-
|-
| [[INTERPOL]] || transnational information sharing
| VjWOrm || Credential Stealer || [[.ru]] || Ukraine
|-
|-
| [[ITU]] || harmonization of technical standards
| NjRAT || Credential Stealer || [[.net]] || Switzerland
|-
|-
| [[UNODC]] || thematic reports on transnational crimes; database of trans/national legislation and case law on cybercrime
| RemcosRAT || e-banking Trojan || [[.cloud]] || Seychelles
|-
|-
| [[APWG]] || industry association combats phishing and email spoofing; data standards and model response systems and protocols
| NanoCore || RAT || [[.tk]] || Czech Republic
|-
|-
| [[Spamhaus]] || provides real time, actionable threat intelligence to network operators, corporations, and security vendors
| AgentTesla || RAT || [[.cn]] || Moldova
|-
|-
| [[eNASCO]] || child safety online
| Tofsee || RAT || [[.eu]] || Panama
|-
|-
| [[INHOPE]] || combating child pornography
| Arkei || RAT || [[.ga]] || Canada
|-
|-
| [[IWF]] || combating child sexual abuse
| STRRAT || credential Stealer || [[.ml]] || Malaysia
|-
|-
| [[The Rand Corporation]] || credible research
| CryptoBot || credential Stealer || [[.online]] || Poland
|-
|-
| [[CCIPS]] || proseuting computer and IP crimes
| CobaltStrike || RAT || [[.live]] || Finland
|-
|-
| [[ECTF]] || investigating identify theft, network intrusions, Business Email Compromise (BEC), and ransomware
| ServeHelper || credential Stealer || [[.su]] || Vietnam
|-
|-
| [[C3]] || technical support for cross-border crime
| IcedID || dropper || [[.info]] || Turkey
|-
|-
| [[IC3]] || cybercrime complaints
| QuasarRAT || dropper || [[.cf]] || Brazil
|}  
|}


{| class="wikitable" style="float:right; margin-left: 5px;"
==Organizations==
{| class="wikitable" style="float:right; margin-left:0px;"
! [[FBI]] !! Focus Areas
! [[FBI]] !! Focus Areas
|-  
|-  
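Review bot: the Mitnick citation in the new text (`<ref>https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security About Kevin, Mitnick Security]</ref>`) is missing the opening `[` of the external-link markup, so it renders as a bare URL followed by stray text, and the Captain Zap citation (`<ref>[https://smartermsp.com/tech-time-warp-curious-cases-early-hackers/]</ref>`) carries no link title. Two wording slips in the same region also survive into the new revision: "the U.S. the number one victim" needs "is", and "Malware-as-a-Service, are reaching" should drop "are". The 1995 Mitnick line mixes tenses ("notifies ... really wanted"); "notified ... wanted" reads cleanly.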
Line 89: Line 145:
|  || Ransomware
|  || Ransomware
|-
|-
|  || Redemption / Strawman / Bond Fraud
|  || Redemption/Strawman/Bond Fraud
|-
|-
|  || Reverse Mortgage Scams
|  || Reverse Mortgage Scams
Line 97: Line 153:
|  || Sextortion
|  || Sextortion
|}
|}
The following IGOs, NGOs, and U.S. government agencies are key opponents of global cybercrime.<ref>[https://guides.ll.georgetown.edu/c.php?g=363530&p=4821480 International and Foreign Cyberspace Law Research Guide]</ref><ref>[https://www.fbi.gov/scams-and-safety/common-scams-and-crimes Common Online Scams, FBI]</ref>
{| class="wikitable"
! Organization !! Focus Areas
|-
| [[EC]] Action Against Cybercrime || capacity buidling for compliance with [[Budapest Convention]]
|-
| [[INTERPOL]] || transnational information sharing
|-
| [[ITU]] || harmonization of technical standards
|-
| [[UNODC]] || thematic reports on transnational crimes;
|-
| || database of trans/national legislation and case law on cybercrime
|-
| [[APWG]] || industry association combats [[phishing]] and [[Email Spoofing]];
|-
| || data standards and model response systems and protocols
|-
| [[Spamhaus]] || provides real time, actionable threat intelligence to
|-
| || network operators, corporations, and [[Cybersecurity]] vendors
|-
| [[eNASCO]] || child safety online
|-
| [[INHOPE]] || combating child pornography
|-
| [[IWF]] || combating child sexual abuse
|-
| [[The Rand Corporation]] || credible research
|-
| [[CCIPS]] || prosecuting computer and [[IP]] crimes
|-
| [[ECTF]] || investigating identify theft, network intrusions;
|-
| || [[Business Email Compromise]] (BEC), and [[ransomware]]
|-
| [[C3]] || technical support for cross-border crime
|-
| [[IC3]] || cybercrime complaints
|}
==References==


[[Category:Concepts]]
[[Category:Concepts]]
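Review bot: two typos are carried into the new Organizations table: "capacity buidling" in the EC Action Against Cybercrime row should be "capacity building", and "identify theft" in the ECTF row should be "identity theft". The rows for UNODC, APWG, Spamhaus and ECTF are split across two table rows with an empty first cell (`| || database of ...`), which renders as separate rows rather than a wrapped description; a single cell per organization would keep each description together.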

Latest revision as of 17:30, 4 February 2022

Cybercrime is the use of electronic communication for criminal activities.[1] The concept of cybercrime depends upon the purpose of the term. Cybercrime almost always encompasses acts against the confidentiality, integrity, and availability of computer data or systems. More broadly, the term refers to computer/content-related acts for personal or financial gain or harm.[2]

History

Proto-cybercrime: Phone Phreaking
In the 1970s, crimes were committed via telephone lines much like they are today via the Internet. The perpetrators, called "Phreakers," figured out that the U.S. telephone system functioned on the basis of tones. Notoriously, John Thomas Draper, Steve Jobs, and Steve Wozniak reverse-engineered and imitated the tones needed to route long-distance calls. The computerization of telecommunications led to the end of the phreaking era, and the culture shape-shifted into computer hacking.[3]
Hacking Becomes a Criminal Act
In 1982, Ian Murphy, aka Captain Zap, became the first person to be found guilty of a cybercrime, after hacking AT&T and manipulating its internal clock to enable free calls during peak hours.[4]
First Governmental Response to DNS Misuse
On Nov. 2, 1988, Robert Tappan Morris released a worm that halted one-tenth of the Internet and led to the founding of the first Computer Emergency Response Team (CERT).[5]
First Time a Hacker Makes Most Wanted List
In 1995, the FBI notified the public that it wanted to catch Kevin Mitnick for social engineering attacks and for stealing sensitive government and personal financial data.[6]
Expansion of Criminal Operations
In 2019, Interisle conducted a study on Criminal Abuse of Domain Names Bulk Registration and Contact Information Access, which explained that cybercriminals take advantage of bulk registration services to launch attacks across many domain names and that ICANN’s Temporary Specification for gTLD Registration Data has had a detrimental effect on cybercrime investigations.[7]

2021 Cybercrime Reports

Current trends in cybercrime revolve around how the COVID-19 pandemic has shaped everyday work/home life and highlighted the importance of cyber networks in maintaining critical infrastructure.

  • PurpleSec's 2021 Cyber Attack Report[8] indicates that:
  1. Receiving 38% of cyber attacks, the U.S. is the number one victim of cybercrime
  2. 92% of malware is delivered by email
  3. 43% of cyber attacks target small businesses
  4. 21% of financial institutions suffered a Watering Hole Attack in 2020
  5. 32% of financial institutions encountered Island Hopping, in which attackers use one compromised organization to gain entry into another
  6. 25% of all malware attacks hit financial industries, more than any other critical infrastructure sector

  • INTERPOL’s ASEAN Desk identified the top cyber threats as:[9]
  1. Business Email Compromise, as a high-return investment with low cost and risk;
  2. Phishing, using COVID-19 jargon and misinformation to deceive unsuspecting victims;
  3. Ransomware, targeting medical centers and public institutions in the expectation of a better success rate during the pandemic;
  4. E-commerce Data Interception, undermining trust in online payment systems;
  5. Malware-as-a-Service, reaching non-technical threat actors and requiring minimal investment;
  6. Cyberscams, since the pandemic has pushed more people to transact and work from home online; and
  7. Cryptojacking, as the value of cryptocurrencies increases.

  • Mandiant's M-Trends 2021 Report[10] found that:
  1. 59% of the security incidents investigated by Mandiant last year were initially detected internally by the organizations themselves (12% better than in 2019).
  2. Ransomware has evolved and now employs various extortion tactics.
  3. FIN11, a financially motivated threat group, was responsible for widespread phishing campaigns and extortion operations.
  4. The median dwell time dropped as threat actors capitalized on pandemic-related shifts in work/home life.
  5. UNC2452, an uncategorized state-sponsored group, engaged in a broad espionage campaign after injecting a backdoor dynamic-link library (DLL) into the SolarWinds Orion process.
  6. 63% of attackers used techniques outlined in the MITRE ATT&CK framework, and 5% of intrusions used over a third of the framework's techniques.
  7. Threat actors exploited vulnerabilities in the infrastructure supporting work at home.

  • Spamhaus's 2021 Q2 Report[11] focused on botnet Command and Control activity and compared the findings from Q1 with Q2. Key figures:
  1. A 594% increase in newly registered botnet C&C domains at NameSilo, a sudden uptick that knocked Namecheap out of first place.
  2. Working with the FBI, Spamhaus discovered 1.3 million compromised email accounts, 22,000 compromised domains, and 3,000 compromised networks.
  3. The three hosting providers with the largest abuse problems and/or the worst responses to abuse reports are Ipjetable, Google, and Microsoft.

Other significant Spamhaus findings:

Each column is ranked independently, most common first (top 20 malware families, most commonly attacked TLDs, and top 20 geo-locations of C&C botnet servers).

Rank | Malware Family | Function                   | Attacked TLD | C&C Server Geo-Location
-----|----------------|----------------------------|--------------|------------------------
1    | Raccoon        | dropper                    | .com         | U.S.
2    | RedLine        | remote access trojan (RAT) | .xyz         | Russia
3    | AsyncRAT       | credential stealer         | .buzz        | Netherlands
4    | Loki           | RAT                        | .top         | Germany
5    | Gozi           | RAT                        | .br          | France
6    | BitRAT         | credential stealer         | .vip         | Latvia
7    | Oski           | RAT                        | .org         | U.K.
8    | VjWOrm         | credential stealer         | .ru          | Ukraine
9    | NjRAT          | credential stealer         | .net         | Switzerland
10   | RemcosRAT      | e-banking Trojan           | .cloud       | Seychelles
11   | NanoCore       | RAT                        | .tk          | Czech Republic
12   | AgentTesla     | RAT                        | .cn          | Moldova
13   | Tofsee         | RAT                        | .eu          | Panama
14   | Arkei          | RAT                        | .ga          | Canada
15   | STRRAT         | credential stealer         | .ml          | Malaysia
16   | CryptoBot      | credential stealer         | .online      | Poland
17   | CobaltStrike   | RAT                        | .live        | Finland
18   | ServeHelper    | credential stealer         | .su          | Vietnam
19   | IcedID         | dropper                    | .info        | Turkey
20   | QuasarRAT      | dropper                    | .cf          | Brazil

Organizations

FBI Focus Areas
Advance Fee Schemes
Business Email Compromise
Business Fraud
Charity and Disaster Fraud
Counterfeit Prescription Drugs
Credit Card Fraud
Elder Fraud
Election Crimes and Security
Fraudulent Cosmetics and “Anti-Aging” Products
Funeral and Cemetery Fraud
Health Care Fraud
Identity Theft
Illegal Sports Betting
Internet Auction Fraud
Internet Fraud
Investment Fraud
Letter of Credit Fraud
Market Manipulation (“Pump and Dump”) Fraud
Money Mules
Nigerian Letter or “419” Fraud
Online Vehicle Sale Fraud
Ponzi Schemes
Prime Bank Note Fraud
Pyramid Schemes
Ransomware
Redemption/Strawman/Bond Fraud
Reverse Mortgage Scams
Romance Scams
Sextortion

The following IGOs, NGOs, and U.S. government agencies are key opponents of global cybercrime.[12][13]

Organization                 | Focus Areas
-----------------------------|------------------------------------------------------------------------------------------
EC Action Against Cybercrime | capacity building for compliance with the Budapest Convention
INTERPOL                     | transnational information sharing
ITU                          | harmonization of technical standards
UNODC                        | thematic reports on transnational crimes; database of transnational and national legislation and case law on cybercrime
APWG                         | industry association combating phishing and Email Spoofing; data standards and model response systems and protocols
Spamhaus                     | provides real-time, actionable threat intelligence to network operators, corporations, and Cybersecurity vendors
eNASCO                       | child safety online
INHOPE                       | combating child pornography
IWF                          | combating child sexual abuse
The Rand Corporation         | credible research
CCIPS                        | prosecuting computer and IP crimes
ECTF                         | investigating identity theft, network intrusions, Business Email Compromise (BEC), and ransomware
C3                           | technical support for cross-border crime
IC3                          | cybercrime complaints

References

  1. Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.
  2. Comprehensive Study on Cybercrime, UNODC, 2013. https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf
  3. The Origin of Cybercrime, GooseVPN. https://goosevpn.com/blog/origin-cybercrime
  4. Tech Time Warp: Curious Cases of Early Hackers, SmarterMSP. https://smartermsp.com/tech-time-warp-curious-cases-early-hackers/
  5. The Greatest Hacks of All Time, Wired. https://www.wired.com/2001/02/the-greatest-hacks-of-all-time/
  6. About Kevin, Mitnick Security. https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security
  7. Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access, Interisle, 2019. https://interisle.net/sub/CriminalDomainAbuse.pdf
  8. Cybersecurity Statistics, PurpleSec. https://purplesec.us/resources/cyber-security-statistics/#SmallBusiness
  9. INTERPOL report charts top cyberthreats in Southeast Asia, INTERPOL ASEAN Desk, 2021. https://www.interpol.int/en/News-and-Events/News/2021/INTERPOL-report-charts-top-cyberthreats-in-Southeast-Asia
  10. Executive Summary, M-Trends 2021 Report, Mandiant. https://content.fireeye.com/m-trends/rpt-m-trends-2021
  11. Spamhaus Botnet Threat Update Q2 2021, Spamhaus. https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021
  12. International and Foreign Cyberspace Law Research Guide, Georgetown Law Library. https://guides.ll.georgetown.edu/c.php?g=363530&p=4821480
  13. Common Scams and Crimes, FBI. https://www.fbi.gov/scams-and-safety/common-scams-and-crimes