Articles by the cybersecurity community

Showing posts with label cybercrime. Show all posts
Showing posts with label cybercrime. Show all posts

What is #cybercrime?

When cybercrime s mentoned people may immediately think of malware, others may think phishing, however cybercrime is far more than that. Cybercrime is crime against technology or crime enabled by it. This means that as well as perhaps the more obvious crimes of malware and phishing, it encompasses online fraud, unauthorised modification or destruction of data, romance fraud, tech support or remote access scams,  child abuse material, and a range of other crimes.



Remember that anyone can become a victim of cybercrime, nobody is immune. Also be wary of victim blaming, as a cybercrime victim needs support, the only people to blame ar ethe criminals.

All of us that understand tech and cybercrime need to be part of the solution and help help each other, our friends, families,colleagues, and total strangers to stay safer from cybercrime. Anyone can become a victim of cybercrime, the fall out of cybercrime to victims and their famiies and/or businesses can be huge. Please be part of the fight against cybercrime. Be kind to each other, support each other, and help everyone stay safer in the online world.



#Cybercrime - cryptojacking

Have you heard of the virtual currency called cryptocurrency?  There seems to be a new one everyday! It started with Bitcoin in 2009, and in 2021 according to Investopedia * there are more than 4000. Below is a list of the five that seem to be more publically known. 

  • Bitcoin (launched 2009)
  • Litecoin ( launched 2011)
  • Dogecoin (launched 2013)
  • Monero (2014)
  • Ethereum (launched 2015)

Cryptocurrency transactions and verification involve complex calculations using a lot of computer power.  People can allow their computers to participate in this activity, like little elecronic accountants and auditors, to try to earn fractions of virtual currency as a reward for doing the calculations. This is called cryptomining. It takes a lot of computer 'brain energy' to cryptomine and actually earn anything, so criminals wanting to take advantage of the rise in virtual currency have taken to cryptojacking, 

Cryptojacking is where criminals trick someone into downloading  a type of malware that sneakily uses the infected computer to mine for virtual currency. Sometimes the cryptojacking could go on for a very long time, and the only sign it is there is that the person's computer is going slow. A computer can become infected with cryptojacking software via a variety of ways including: through malicious links in emails, inadvertantly downloading it from a compromised website, or by downloading an app that has been compromsed or is masquerading as legitmate software.

Ways to help keep your computer safer from cryptojacking

  • Use a reputable anti-virus solution and ensure it is kept up to date
  • Keep your operating system and software patched and up to date
  • Consider using a reputable browser extension that blocks cryptomining
  • Be cautious what software or apps you download
  • Be cautious about clicking links in emails

_______________________

(*) https://www.investopedia.com/tech/most-important-cryptocurrencies-other-than-bitcoin/

#Phishing - Microsoft Teams

 #Cybercrime - beware of spoofed Microsoft Teams emails. Similar to the recent spate of Dropbox phishing that appear to be form a colleague sending a file via Dropbox, these emails look like a notification from a colleague via Teams and request the recipient to log in via the supplied link to see the message. The link/s in the message goto a #phishing page made to look like a Microsoft Teams log in page. These phishing emails are designed to obtain Microsoft log in credentials.

** What can you do? **

  • All users of technology need to remain vigilant against cybercrime.
  • When you receive an email with a link to a log in page, consider NOT clicking that link, instead goto the page yourself with a URL you know/find yourself.
  • If you have inadvertently been tricked by phishing, change your password/s immediately.

Guest Post - Shelly Mills - Cyber crime - who is committing it?

Thanks to my colleague Shelly Mills  for writing this post on the people behind cybercrime.

Have you ever wondered who is responsible for data breaches, viruses, phishing scams, and so on?  

The people who are responsible for cyber security incidents are called Cyber Threat Actors. And the way in which they get to you is called an Attack Vector (examples of attack vectors include malware, social engineering, vulnerabilities in software – basically, any method Cyber Actors use to access data). 

So, who are the people carrying out cyber crimes?   

A few common cyber threat actors are detailed below.  

Hacktivists 

Who are they? Political activists that capatilise on the capabilities of the internet, and use technology to promote their agenda. Prominent examples are WikiLeaks and Anonymous.
Motivation: political.
Aim: Their aim is usually disruption, broadcasting information, and gaining attention for their cause.
Common attack vectors: Distributed Denial of Service (DDoS), website defacement.  

Nation-State Cyber Actors 

Who are they? Nation-State actors work for governments or receive direction/funding/assistance from nation-states.
Motivation: political, espionage, economic, military.
Aim:  steal industry information or research, gain information on another government/policy plans, disrupt critical infrastructure
Common attack vectors: Spear-phishing, social engineering, targeted malware 

Criminal Cyber Actors 

Who are they? Criminal cyber actors are, simply, criminals. They use the cybers to enable them to commit crime more efficiently and effectively. They may be lone wolves or work in groups, such as organised crime syndicates.
Motivation: financial gain.
Aim: use the internet to assist in committing their crime. 
Common attack vectors: Social engineering, phishing, Business Email Compromise (BEC), password attacks, malware, ransomware, botnets. 

....................................................................................................................................


#Cybercrime - Five points to consider



1. Anyone can fall victim to cybercrime. None of us are immune. Never believe yourselves to be above being scammed, as criminals can exploit that false sense of security.

2. Cybercrime is more than scams and malware, it also encompasses other cyber enabled criminal activities such as child exploitation.

3. Stay aware and share your knowledge of cybercrime, malware, scams, and other cyber enabled criminal activity to support others to also be vigilant.

4. The victims of cybercrime are not at fault, the criminals are. Let's change the narrative & stop victim blaming.

5. Collaborate to harden our communities against cybercrime.