Answer 1

Cybercrime is defined as a crime where a computer is the object of the crime or is used as a tool to
commit an offense. A cybercriminal may use a device to access a user’s personal information,
confidential business information, government information, or disable a device. It is also a cybercrime to
sell or elIcit the above information online.There are three major categories that cybercrime falls into:
individual, property and government. The types of methods used and difficulty levels vary depending on
the category.

Property: This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or
credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases
online or run phishing scams to get people to give away their information. They could also use a
malicious software to gain access to a web page with confidential information.

Individual: This category of cybercrime involves one individual distributing malicious or illegal
information online. This can include cyberstalking, distributing pornography and trafficking.

Government: This is the least common cybercrime, but is the most serious offense. A crime against the
government is also known as cyber terrorism. Government cybercrime includes hacking government
websites, military websites or distributing propaganda. These criminals are usually terrorists or enemy
governments of other nations.DDoS Attacks

These are Types of Cybercrime

DDoS Attacks

These are used to make an online service unavailable and take the network down by overwhelming the
site with traffic from a variety of sources. Large networks of infected devices known as Botnets are
created by depositing malware on users’ computers. The hacker then hacks into the system once the
network is down.

Botnets

Botnets are networks from compromised computers that are controlled externally by remote hackers.
The remote hackers then send spam or attack other computers through these botnets. Botnets can also
be used to act as malware and perform malicious tasks.

Identity Theft

This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds,
access confidential information, or participate in tax or health insurance fraud. They can also open a
phone/internet account in your name, use your name to plan a criminal activity and claim government
benefits in your name. They may do this by finding out user’s passwords through hacking, retrieving
personal information from social media, or sending phishing emails.

Cyberstalking

This kind of cybercrime involves online harassment where the user is subjected to a plethora of online
messages and emails. Typically cyberstalkers use social media, websites and search engines to
intimidate a user and instill fear. Usually, the cyberstalker knows their victim and makes the person feel
afraid or concerned for their safety.

Social Engineering

Social engineering involves criminals making direct contact with you usually by phone or email. They
want to gain your confidence and usually pose as a customer service agent so you’ll give the necessary
information needed. This is typically a password, the company you work for, or bank information.
Cybercriminals will find out what they can about you on the internet and then attempt to add you as a
friend on social accounts. Once they gain access to an account, they can sell your information or secure
accounts in your name.

PUPs

PUPS or Potentially Unwanted Programs are less threatening than other cybercrimes, but are a type of
malware. They uninstall necessary software in your system including search engines and pre-
downloaded apps. They can include spyware or adware, so it’s a good idea to install an antivirus
software to avoid the malicious download.

Phishing

This type of attack involves hackers sending malicious email attachments or URLs to users to gain access
to their accounts or computer. Cybercriminals are becoming more established and many of these emails
are not flagged as spam. Users are tricked into emails claiming they need to change their password or
update their billing information, giving criminals Prohibited/Illegal Content

This cybercrime involves criminals sharing and distributing inappropriate content that can be considered
highly distressing and offensive. Offensive content can include, but is not limited to, sexual activity
between adults, videos with intense violent and videos of criminal activity. Illegal content includes
materials advocating terrorism-related acts and child exploitation material. This type of content exists
both on the everyday internet and on the dark web, an anonymous network.

Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or offers of
unrealistic amounts of money. Online scams include enticing offers that are “too good to be true” and
when clicked on can cause malware to interfere and compromise information.

Exploit Kits

Exploit kits need a vulnerability (bug in the code of a software) in order to gain control of a user’s
computer. They are readymade tools criminals can buy online and use against anyone with a computer.
The exploit kits are upgraded regularly similar to normal software and are available on dark web hacking
forums.

EXAMPLE

Ransomware has become a top threat to international security and a global challenge requiring a
coordinated response. As institutions across sectors increasingly become targets, a single attack can
rapidly spread across borders, much like the 2017 WannaCry ransomware attack that affected 150
countries. It is expected that the impact of such an attack in 2021 could be even more severe leading to
vast losses, devastating blows to critical infrastructure, and the generation of further funding for illegal
activities.

Managing systemic cybersecurity risk is already a major challenge for which individual action is not
enough. In order to tackle the vulnerability of the ecosystem, a fundamental shift towards a collective
response is needed from society, government and organizations. Only through such a coordinated
approach can we hope to turn the tide of these attacks.

Answer 2

Email bombing and spamming

Email bombing is characterised by an abuser sending huge volumes of email to a target address resulting
in victim’s email account or mail servers crashing. The message is meaningless and excessively long in
order to consume network resources. If multiple accounts of a mail server are targeted, it may have a
denial-of-service impact. Such mail arriving frequently in your inbox can be easily detected by spam
filters. Email bombing is commonly carried out using botnets (private internet connected computers
whose security has been compromised by malware and under the attacker’s control) as a DDoS attack.

This type of attack is more difficult to control due to multiple source addresses and the bots which are
programmed to send different messages to defeat spam filters. “Spamming” is a variant of email
bombing. Here unsolicited bulk messages are sent to a large number of users, indiscriminately. Opening
links given in spam mails may lead you to phishing web sites hosting malware. Spam mail may also have
infected files as attachments. Email spamming worsens when the recipient replies to the email causing
all the original addressees to receive the reply. Spammers collect email addresses from customer lists,
newsgroups, chat-rooms, web sites and viruses which harvest users’ address books, and sell them to
other spammers as well. A large amount of spam is sent to invalid email addresses.

Sending spam violates the acceptable use policy (AUP) of almost all internet service providers. If your
system suddenly becomes sluggish (email loads slowly or doesn’t appear to be sent or received), the
reason may be that your mailer is processing a large number of messages. Unfortunately, at this time,
there’s no way to completely prevent email bombing and spam mails as it’s impossible to predict the
origin of the next attack. However, what you can do is identify the source of the spam mails and have
your router configured to block any incoming packets from that address.This a technique of extracting
confidential information such as credit card numbers and username password combos by masquerading
as a legitimate enterprise. Phishing is typically carried out by email spoofing. You’ve probably received
email containing links to legitimate appearing websites. You probably found it suspicious and didn’t click
the link. Smart move.The malware would have installed itself on your computer and stolen private
information. Cyber-criminals use social engineering to trick you into downloading malware off the
internet or make you fill in your personal information under false pretenses. A phishing scam in an email
message can be evaded by keeping certain things in mind.

Phishing

This a technique of extracting confidential information such as credit card numbers and username
password combos by masquerading as a legitimate enterprise. Phishing is typically carried out by email
spoofing. You’ve probably received email containing links to legitimate appearing websites. You
probably found it suspicious and didn’t click the link. Smart move.

How phishing can net some really interesting catches

The malware would have installed itself on your computer and stolen private information. Cyber-
criminals use social engineering to trick you into downloading malware off the internet or make you fill
in your personal information under false pretenses. A phishing scam in an email message can be evaded
by keeping certain things in mind.

Look for spelling mistakes in the text. Cyber-criminals are not known for their grammar and spelling.

Hover your cursor over the hyperlinked URL but don’t click. Check if the address matches with the one
written in the message.

Watch out for fake threats. Did you receive a message saying “Your email account will be closed if you
don’t reply to this email”? They might trick you by threatening that your security has been
compromised.
Attackers use the names and logos of well-known web sites to deceive you. The graphics and the web
addresses used in the email are strikingly similar to the legitimate ones, but they lead you to phony
sites.

Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to victims using
fake identity fooling you into considering the call to be from a trusted organisation. They may claim to
be from a bank asking you to dial a number (provided by VoIP service and owned by attacker) and enter
your account details. Once you do that, your account security is compromised. Treat all unsolicited
phone calls with skepticism and never provide any personal information. Many banks have issued
preemptive warnings informing their users of phishing scams and the do’s and don’ts regarding your
account information. Those of you reading Digit for long enough will remember that we successfully
phished hundreds of our readers by reporting a way to hack other people’s gmail accounts by sending
an email to a made up account with your own username and password… and we did that years ago in a
story about , yes, you guessed it, phishing!

Denial-of-Service attack

A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to intended users of
that service. It involves flooding a computer resource with more requests than it can handle consuming
its available bandwidth which results in server overload. This causes the resource (e.g. a web server) to
crash or slow down significantly so that no one can access it. Using this technique, the attacker can
render a web site inoperable by sending massive amounts of traffic to the targeted site. A site may
temporarily malfunction or crash completely, in any case resulting in inability of the system to
communicate adequately. DoS attacks violate the acceptable use policies of virtually all internet service
providers.

Another variation to a denial-of-service attack is known as a “Distributed Denial of Service” (DDoS)

attack wherein a number of geographically widespread perpetrators flood the network traffic. Denial-of-
Service attacks typically target high profile web site servers belonging to banks and credit card payment
gateways. Websites of companies such as Amazon, CNN, Yahoo, Twitter and eBay! Are not spared
either.