Technical Report

saransa17

Cybercrime

I. Abstract

Cyber crime is a key source of problems such as hacking, phishing and scams, and it has become widespread in the global context. As technology grows, the skills of cyber criminals develop in step. However, the IT industry has implemented many effective countermeasures that can restrict these criminals from their wrongdoing.

II. Keywords: Cyber criminal, hacking, phishing, industry

III. Introduction

Crime is a matter of concern for the whole world and, gradually, the form of crime has changed with modernisation and emerging technology. Digitalisation has become an unavoidable necessity for industry as most work takes place online. Consequently, the data used in business processes relies completely on the digital environment. Technological innovation has created a platform which is misused by some people and, as a result, cyber crime has emerged. The purpose of this report is to make the target audience aware of different forms of cyber crime that can violate the protocols of an organisation and cause a data breach. Likewise, the objective of this study is to present various methods which can be implemented to mitigate the risks to data residing on online platforms.

A cyber crime involves computers and devices that the criminal uses as tools to access stored information with the help of the internet. The crime can target an individual or a group, and the same kind of incident can happen to governmental organisations. It has been noted that cyber criminals obtain billions in money every year.

IV. Different forms of Cyber Crime

Forms of cyber crime differ according to the intention that the criminal has toward the victim. Likewise, the type of target chosen by the criminal also defines the form of cyber crime, and every form is identified by its own name. The descriptions of various forms of cyber crime are given below:

1. Spamming: The accused person sends multiple messages to hundreds or thousands of users at a single time. Generally, these messages are sent with a motive to promote a product in the market. As the number of messages is very large, the cyber criminal does not target a single person. However, the spammer targets certain groups in which all the individuals share the same characteristics. For instance, all the customers who received the spam mail about products have a stronger financial background.

Figure 1: Diagram of Spamming

(Source: Petkova, 2019)

The above diagram shows the process of spamming, where thousands of messages and emails about a certain product are sent to people. The figure shows the worst-case scenario of spamming, which became feasible for cyber criminals only because of the availability of internet connectivity.

2. Internet Piracy

Piracy is a process of duplication where the characteristics of original products are stolen by cyber criminals (Oganyan, Vinogradova & Volkov, 2018). Here, products refers to software applications that are copied by unauthorised persons. Internet piracy is the reproduction and distribution of copied versions of software applications without the consent or knowledge of the original makers. The intention of the criminals is to fulfil their monetary or commercial purpose by making the software easily available to the public. The main challenge in this cyber breach is the support of the public, as they benefit from internet piracy. Hence, the government or federal bureau cannot easily catch the criminal. On the other hand, the original maker has to face losses in the market even after making the application effective for the needs of common people.

3. Targeting the type of audiences

Cyber criminals target people on the basis of psychology, which varies from one person to another. The vulnerabilities of people are the main tool of these cyber criminals, who use their intelligence to trap the victim so as to access their personal information. For instance, people with a trusting nature tend to believe other people very easily. Hence, criminals can easily cheat these people by convincing them to share information or to carry out some activity. Such people are also termed gullible. Cyber criminals of this type are difficult to track down. Law enforcement must take preemptive measures where it knows who is likely to commit a crime as well as who is likely to be targeted (Rajput, 2020). On a more obvious level, phishers are best able to trick such individuals into buying into their scams or being drawn into legal traps. Spammers send numerous email messages to harvested email addresses and the gullible fall prey to the content of the email. Usually, older people are easily trapped by cyber criminals because they are less aware of the current scenario.

Some people are more inclined to make money by taking shortcuts, and they become easy prey for cyber criminals. Criminals send emails announcing a lottery win, and these people readily share all their personal details with unknown and unauthorised people just to make money. Sometimes victimization takes place by drawing the victim into a legal trap so that criminals can extract money easily without any law-and-order issue.

There is one more group of people who are easily victimized: those who are not technically comfortable. As these people use the internet very little, they are not well aware of online environments and cyber crime incidents. Hence, they are easily victimized by cyber criminals.

Figure 2: Diagrammatic representation of Victimization by Cyber Criminal

(Source: By Learner)

4. Password Attack

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information (Chiew, Yong & Tan, 2018).

An attack can have devastating results. For individuals, this includes unauthorised purchases, the stealing of funds, or identity theft.

Man-in-the-middle is another type of attack that hackers use to steal password information. In this attack, an unauthorised person or group positions themselves between the two people or groups whose communication is being compromised. Usually, applications are used as a tool for accessing credential information. The same method can also be used to obtain the system password. Brute force attacks and dictionary attacks are other cyber attacks used to steal this information.

Figure 3: Different types of Cyber Attacks

(Source: By Learner)

V. Major Steps one should take to prevent Cyber crime

V.1 Software updates protect from data breach

As opined by Mathur et al. (2018), a software update seems a very casual activity to most people, giving the feeling that it can be done anytime one wishes. On the contrary, neglecting to update software and patches might lead the organisation or institution toward victimization by cyber criminals. For instance, the Equifax data breach is a prime example of neglected software updates, where criminals successfully stole social security numbers, phone numbers and home addresses. Cyber criminals are always searching for loopholes or vulnerabilities in software applications so that they can make a successful attack.

On the other hand, updating the software would automatically resolve the existing vulnerabilities of software and browsers. In addition, updating software makes it resistant to virus or malware attacks that can arrive via software applications, a link in an email or a message. Likewise, updating software and patches would enhance the compatibility of applications with other devices. The user experience also improves when software is updated whenever new versions are launched. Modern technology allows industry as well as institutions to update software applications very easily, including on mobile devices, by enabling auto-updates.

V.2 Protection to software by antivirus

Antivirus is a software application that needs to be installed on workstations so that work can be performed without being affected by viruses or malware. Antivirus is mainly used to protect information from unauthorised access and, in turn, this software prevents data breaches. Hence, it can be said that antivirus is installed to keep the computer away from cybercriminals. Antivirus protects the computer not only online; security is also provided in offline mode. The antivirus scans files, browsers and web pages and tries to detect any threat in the form of a virus or malware. Once the issue has been identified, the antivirus eliminates that virus or malware from the computer (Nazarenko et al., 2019).

Besides removing viruses from the computer, it is important for the user to update the antivirus software so as to enhance its compatibility with the device. In addition, cyber threats are a constantly emerging factor for computer systems and business information. Therefore, updating the old antivirus software to a new version would improve its capacity to deal with viruses newly introduced by cyber criminals. On the other hand, if the antivirus is not updated, it becomes difficult for the software to detect a virus or eliminate it from the computer.

Figure 4: Use of antiviruses in percentage

(Source: Nazarenko et al., 2019)

The above figure shows the percentage of use of various antiviruses; among these, Symantec Corporation antiviruses have the second highest percentage, after the "other" category.

V.3 Use Strong passwords

Passwords play an important role in securing data and computer systems from outside cyber attacks. With the growing use of the internet, people's knowledge has also increased to the point that they can crack a simple password. Hence, it increases the likelihood of cyber criminals hacking the system and causing a data breach (Glory et al., 2019).

As hackers become more resourceful and data breaches continue, simple passwords are no longer an adequate solution for securing accounts. Make your password long, strong and complex. That means at least twelve characters, mixed with uppercase and lowercase letters, numbers and symbols. Avoid common words, phrases or information in your passwords.

Do not reuse passwords used on other accounts. Create strong passwords for each account so that if hackers compromise one account, they cannot get into the other accounts.
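The password rules above can be enforced in code. The following is an added example, not part of the original report: the function names, the short common-word list, the personal-information input and the PBKDF2 work factor are assumptions made for illustration. Reuse is checked against salted hashes so that the stored record never contains a password.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12  # "at least twelve characters", as the report states
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}  # constructed sample list
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example; tune for your hardware


def _derive(password, salt):
    """Slow salted hash, so a leaked record does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def store_password(password):
    """Return (salt, digest) for a per-account record."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def is_reused(password, vault):
    """True if the candidate matches the stored record of any other account."""
    return any(
        hmac.compare_digest(_derive(password, salt), digest)
        for salt, digest in vault.values()
    )


def policy_violations(password, personal_info=(), vault=None):
    """Return every rule from the report that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    checks = [
        ("no uppercase letter", str.isupper),
        ("no lowercase letter", str.islower),
        ("no number", str.isdigit),
        ("no symbol", lambda c: c in string.punctuation),
    ]
    for message, test in checks:
        if not any(test(c) for c in password):
            problems.append(message)
    lowered = password.lower()
    banned = COMMON_WORDS | {item.lower() for item in personal_info if len(item) >= 3}
    for word in sorted(banned):
        if word in lowered:
            problems.append("contains common word or personal information: " + word)
    if vault and is_reused(password, vault):
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    vault = {"mail": store_password("Tr4vel!ng-Lantern-82")}  # constructed sample account
    for candidate in ("password123", "Tr4vel!ng-Lantern-82", "C0balt&Harbour*Mist"):
        print(candidate, policy_violations(candidate, vault=vault))
```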

V.4 Never access Spam email

Opening an email has an impact on the computer system, and therefore the user must be wary of spam email and should never open it. Once a spam email is opened, the whole computer system would get infected with malware and ransomware. Ransomware is a condition created on the computer by cyber criminals in which an amount of money is demanded in exchange for clearing the device.

V.5 Never click on the suspicious website

Clicking or tapping a link in an email, text or on a website is always somewhat of a gamble. On the other end could be the information you expect to see, or it could be a malicious website, virus-filled download or inappropriate content.

V.6 Restrict personal information to share

Cyber crime relies on the trust that leads people to share personal information on unknown online platforms. Using a strong and complicated credential would restrict the criminal from accessing personal information. In addition, hackers look for public wifi as a way to access systems. Therefore, a person or any authority of an organisation must avoid connecting their own personal computer system to public wifi for internet connectivity. This would prevent unauthorised parties from obtaining one's personal data.

Today's advanced technology provides an efficient platform where people share personal information without any hesitation. Social media is also a target platform for hackers when they want to collect personal information about a person or group of people. Likewise, clicking on an unknown link might redirect the user to a form page that asks for personal information. Hence, users must avoid these unknown links so as to keep their personal information confidential online.

V.7 Monitor the bank account

Most hackers target bank accounts and try to access them by various means. Hence, proper monitoring of bank accounts would enhance the awareness of people and organisations of the impact of hacking on a computer system. A user can track the bank account by logging in to the bank website. It is a very traditional method which can be followed anytime without many issues. After clicking any unknown link or opening any spam email, a user can track the bank account through the website.

In addition, the banking industry has taken a major initiative for account monitoring by launching apps in the market. The user can install these bank apps to monitor current and past transactions that happened after the person interacted with a malicious website or link. Besides the aforementioned solutions, the user can check bank transaction details at an ATM.

VI. Cyber Security or Network security

Cyber security is the technical practice of securing multiple computers that work as a single unit in the organisation. The other term used for cyber security is network security, signifying multiple elements combined into one single unit. Network security protects your network and data from breaches, intrusions and other threats. This is a vast and overarching term that describes hardware and software solutions as well as processes or rules and configurations relating to network use, accessibility, and overall threat protection.

Network security involves access control, virus and antivirus software, application security, network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN encryption and more (Sinha et al., 2017).

Network security is vital in protecting client data and information, keeping shared data secure and ensuring reliable access and network performance as well as protection from cyber threats. A well designed network security solution reduces overhead expenses and safeguards organisations from costly losses that occur from a data breach or other security incident. Ensuring legitimate access to systems, applications and data enables business operations and delivery of services and products to customers.

A firewall is one of the devices in a network that checks the incoming and outgoing data packets passing among the routers and switches. When a suspicious data packet travels through the network and tries to access the computer system, the firewall blocks that packet and prohibits it from entering the system.

Figure 5: Diagram of Network Security for multiple system

(Source: Sinha et al., 2017)

VII. Cyber Security Techniques

VII.1 Access Control and password security

Access control is a set of rules that keeps data secure by enforcing protocols in an organisation's network. It manages access to the system by defining who can see the information and to what extent an individual can see it. The regulations also define the resources, which outlines a particular environment for establishing network security. Access control is used to reduce the probability of a data breach in the business environment. Generally, access control is divided into two forms: physical access control and logical access control. Physical access control refers to the regulations on access to rooms, buildings and other IT assets. In contrast, logical access control is used to limit the connectivity among computer systems.

Likewise, password security requires the user or organisation to set complex passwords. It also covers the encryption of passwords, which requires the organisation or institute to implement advanced cryptographic methods in its systems. This makes it very difficult for a hacker to access the system, and unauthorised parties become unable to access data.

VII.2 Authentication of data

Data is the main element that helps organisations run their business processes efficiently. On the other hand, data breaches contaminate business information (Zkik, Orhanou & El Hajji, 2017). Therefore, authentication of data becomes very important for the industry. In this process, the purity of data is checked throughout the lifecycle as the data passes through its different phases. Hence, the integrity of data is also properly evaluated in the organisation, and the same process sometimes reveals deviations. Subsequently, the likelihood of an intrusion is also exposed while carrying out this process. The process also checks the validity of the origin from which the data is transmitted.

Figure 6: Diagrammatic representation of Data authentication process

(Source: Zkik, Orhanou & El Hajji, 2017)
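One common way to check both integrity and origin at each phase is a keyed message authentication code. The following is an added example, not taken from the report or from Zkik et al.: the use of HMAC-SHA256, the envelope layout, the origin names and the keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-origin keys; in practice these come from a key store.
KEYS = {"billing": b"constructed-billing-key", "hr": b"constructed-hr-key"}


def seal(data, origin, key):
    """Serialise the record with its claimed origin and attach an HMAC tag."""
    body = json.dumps({"origin": origin, "data": data},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(envelope, keys_by_origin):
    """Return (ok, reason). Fails on tampering, a wrong origin claim or bad input."""
    try:
        body = envelope["body"]
        tag = envelope["tag"]
        claimed = json.loads(body)["origin"]
    except (KeyError, TypeError, ValueError):
        return False, "malformed envelope"
    if not isinstance(claimed, str) or not isinstance(tag, str):
        return False, "malformed envelope"
    key = keys_by_origin.get(claimed)
    if key is None:
        return False, "unknown origin"
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison; only the holder of the origin's key can match.
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return False, "integrity or origin check failed"
    return True, "ok"


def check_lifecycle(phases, keys_by_origin):
    """Verify the envelope as seen at each phase; report the first deviation."""
    for name, envelope in phases:
        ok, reason = verify(envelope, keys_by_origin)
        if not ok:
            return name, reason
    return None, "ok"


if __name__ == "__main__":
    sealed = seal({"invoice": 17, "amount": 100}, "billing", KEYS["billing"])
    altered = dict(sealed, body=sealed["body"].replace("100", "900"))
    phases = [("created", sealed), ("in transit", sealed), ("stored", altered)]
    print(check_lifecycle(phases, KEYS))
```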

VII.3 Malware Scanner

A malware scanner is a tool that scans every file entering the computer system to find any virus in the file code or any other malicious element. The scanning process starts the moment the file enters the computer system. The code gathered is sent to a database that contains virus signatures. In this process, the code is compared with the codes recorded in the database. If it matches any of the virus codes or signatures, the platform returns a verdict that the file is malicious.

Once identified as a threat, the anti-malware deletes it immediately. This method is called Signature-Based Detection. It uses a virus signature to identify malware. This identifies malware efficiently since the platform contains almost all the virus codes that exist out there.

VII.4 Firewalls

As mentioned in the discussion of firewalls above, internet signals or data packets are admitted only if they meet the set protocols. Hence, it depends entirely on the organisation or institution to set the rules for admitting data and blocking data packets. Thus, it can be said that a firewall acts as a barrier to suspicious data packets that might be sent by cyber criminals. Therefore, firewalls are the most preferred method adopted by industries and people. The IP address of the server and the port numbers of the computer systems are the key elements used to configure a firewall for network security (Diovu & Agee, 2017).

Firewalls can be either software or hardware, though it is best to have both. A software firewall is a program installed on each computer that regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and access point.
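The rule matching on IP address and port described above can be sketched as an ordered rule list with a default-deny fallback. This is an added example, not part of the original report: the rule format, the first-match-wins ordering and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    source: str          # CIDR range the packet must come from
    dest: str            # CIDR range (or single server) the packet is going to
    port: Optional[int]  # destination port; None matches any port


# Constructed rule set using documentation address ranges (RFC 5737).
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None),      # blocklisted range
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),       # public HTTPS server
    Rule("allow", "198.51.100.0/24", "192.0.2.20/32", 22),  # admin SSH from office net
]


def decide(src, dst, port, rules=RULES):
    """Return the action of the first matching rule; deny when nothing matches."""
    if not isinstance(port, int) or not 0 < port < 65536:
        raise ValueError("port out of range: %r" % (port,))
    src_ip = ipaddress.ip_address(src)   # raises ValueError on malformed input
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if (src_ip in ipaddress.ip_network(rule.source)
                and dst_ip in ipaddress.ip_network(rule.dest)
                and (rule.port is None or rule.port == port)):
            return rule.action
    return "deny"  # default deny: traffic not explicitly allowed is blocked


if __name__ == "__main__":
    packets = [  # constructed sample packets: (source, destination, port)
        ("198.51.100.7", "192.0.2.10", 443),
        ("203.0.113.5", "192.0.2.10", 443),
        ("192.0.2.200", "192.0.2.20", 22),
    ]
    for packet in packets:
        print(packet, decide(*packet))
```

Because the blocklist rule comes first, a blocklisted source is denied even on the port that is otherwise open to everyone.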

VII.5 Anti-virus Software

Antivirus software scans a file, program, or application and compares a specific set of code with information stored in its database. If it finds code that is identical or similar to a piece of known malware in the database, that code is considered malware and is quarantined or removed.

Traditional detection-based antivirus products have had a strong hold on the security market for years. However, recently, due to an exponential rise in cybercrime and malware, these traditional antivirus products have been rendered ineffective against many emerging threats. Today, hackers are better equipped than many cybersecurity companies, with their own quality analysis labs and penetration tools to check whether their new malware samples are being detected by black-market multi-engine scanning sites. If detected, hackers modify the code and repeat the same test until the malware goes undetected.
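The signature-based detection described in sections VII.3 and VII.5, together with the detection gap noted above, can be shown with a small scanner. This is an added example, not part of the original report: the signature names, the two signature kinds (whole-file hash and byte pattern) and the sample files are constructed, harmless placeholders.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed, harmless stand-ins for known-bad files.
SAMPLE_ALPHA = b"#!/bin/sh\necho CONSTRUCTED-TEST-SAMPLE-ALPHA\n"
MARKER_BETA = b"CONSTRUCTED-TEST-MARKER-BETA"


@dataclass(frozen=True)
class Signature:
    name: str
    sha256: Optional[str] = None     # matches one exact file
    pattern: Optional[bytes] = None  # matches any file containing these bytes


SIGNATURE_DB = [
    Signature("Test.Alpha.exact", sha256=hashlib.sha256(SAMPLE_ALPHA).hexdigest()),
    Signature("Test.Beta.pattern", pattern=MARKER_BETA),
]


def scan(data: bytes, db=SIGNATURE_DB) -> list[str]:
    """Return the names of all signatures that match the file contents."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in db:
        if sig.sha256 is not None and sig.sha256 == digest:
            hits.append(sig.name)
        elif sig.pattern is not None and sig.pattern in data:
            hits.append(sig.name)
    return hits


def scan_and_quarantine(files: dict[str, bytes], db=SIGNATURE_DB):
    """Split incoming files into (clean, quarantined) by signature verdict."""
    clean, quarantined = {}, {}
    for name, data in files.items():
        verdict = scan(data, db)
        if verdict:
            quarantined[name] = verdict
        else:
            clean[name] = data
    return clean, quarantined


if __name__ == "__main__":
    incoming = {  # constructed sample files
        "report.txt": b"quarterly figures\n",
        "alpha.sh": SAMPLE_ALPHA,
        "beta.bin": b"\x00\x01" + MARKER_BETA + b"\xff",
        # Same content as alpha.sh plus one byte: the exact-hash signature
        # no longer matches, which is the gap the section describes.
        "alpha_modified.sh": SAMPLE_ALPHA + b"\n",
    }
    clean, quarantined = scan_and_quarantine(incoming)
    print("clean:", sorted(clean))
    print("quarantined:", quarantined)
```

For a defender, the missed `alpha_modified.sh` is the reason signature databases need frequent updates and why exact-hash signatures alone are not sufficient coverage.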

VII.6 Backup and Restore Procedures

The backup and restoration process refers to the method that industry implements to preserve the quality of data and enhance its security. In this practice, the user copies the information into the secondary memory of the computer system. The copying of information takes place periodically. Hence, any kind of data breach or contamination by cyber criminals can be easily managed by the industry through the backup and restoration procedure.

VII.7 Disaster Recovery Plan

A Disaster Recovery Plan (DRP) is a document that contains detailed instructions for emergency situations so that functions or work can continue. Likewise, the document can also contain instructions for the stage prior to a cyber criminal attack or data breach. Consequently, disaster recovery plans can be used to protect systems from data contamination, specifically in industries or even institutions.

Figure 7: Diagram for Data Recovery Plan

(Source: Alseiari, 2020)

VII.8 Risk Assessment Procedure

The risk assessment procedure is also a generic method, like the DRP, which can be implemented to identify the hazards arising from a cyber criminal attack at an early stage. Finally, documentation takes place to record the findings and interpretations.

VIII. Conclusion

From the above analysis, it has been concluded that cyber crime is a very complex and large problem. The problem affects not only the IT industry but also institutions wherever computer systems are used to store information. At the same time, modern technology offers solutions that can mitigate the challenges arising from cyber crime.

References

Alseiari, A. F. A. (2020). Investigation Into Business Continuity And Disaster Recovery Plan Within The Adnoc Onshore In UAE. Systematic Reviews in Pharmacy, 11(12), 1793-1800.

Chiew, K. L., Yong, K. S. C., & Tan, C. L. (2018). A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications, 106, 1-20.

Diovu, R. C., & Agee, J. T. (2017, November). Quantitative analysis of firewall security under DDoS attacks in smart grid AMI networks. In 2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON) (pp. 696-701). IEEE.

Glory, F. Z., Aftab, A. U., Tremblay-Savard, O., & Mohammed, N. (2019, October). Strong Password Generation Based On User Inputs. In 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) (pp. 0416-0423). IEEE.

Mathur, A., Malkin, N., Harbach, M., Peer, E., & Egelman, S. (2018). Quantifying users' beliefs about software updates. arXiv preprint arXiv:1805.04594.

Nazarenko, M. A., Gorobets, A. I., Miskov, D. V., Muravyev, V. V., & Novikov, A. S. (2019). Antivirus software and industrial cyber security system certification in Russia. Российский технологический журнал, 7(1), 48-56.

Oganyan, V. A., Vinogradova, M. V., & Volkov, D. V. (2018). Internet piracy and vulnerability of digital content. European Research Studies Journal, 21(4), 735-743.

Petkova, L. (2019). SECURITY’S LEAKS IN SEO SPAMMING. Knowledge International Journal, 35(3), 987-991.

Rajput, B. (2020). Cyber Economic Crime Typology. In Cyber Economic Crime in India (pp. 79-96). Springer, Cham.

Sinha, P., Jha, V. K., Rai, A. K., & Bhushan, B. (2017, July). Security vulnerabilities, attacks and countermeasures in wireless sensor networks at various layers of OSI reference model: A survey. In 2017 International Conference on Signal Processing and Communication (ICSPC) (pp. 288-293). IEEE.

Zkik, K., Orhanou, G., & El Hajji, S. (2017). Secure mobile multi cloud architecture for authentication and data storage. International Journal of Cloud Applications and Computing (IJCAC), 7(2), 62-76.