
Cybercrime is the term for illegal activity carried out by individuals using computers. It includes identity theft, dissemination of child pornography, privacy violations, fraud, and intellectual property offenses. Because computers are used so extensively in government, entertainment, and business, cybercrime on the internet has grown in importance. While emerging technologies create new channels for criminal activity, they frequently do not give rise to entirely new types of criminal conduct. The use of digital computers is the main way that cybercrime differs from more conventional forms of crime, and technology alone is not enough to draw a sharp boundary between different domains of unlawful conduct (Dennis, 2023).

Cybercriminals have become more skilled and now target not only corporate and public organizations but also individuals. Inadequate cybersecurity measures are to blame for the rise in cybercrime. In a cybercrime, both the computer and the person using it can be victims. Unauthorized downloads are only one of the many actions that fall under the umbrella of cybercrime. To protect sensitive data, several governments are now adopting strict cybersecurity rules, and people must receive cybersecurity training to protect themselves from the growing threat of cybercrime (Kaur, 2018).

Email scams are among the many types of cybercrime and can take many misleading forms. Phishing emails trick recipients, and social engineering techniques pressure individuals into disclosing private information, such as credit card numbers, or into sending money to the attacker. Phishing schemes, in which scammers impersonate reputable companies, are a common kind of email fraud. Social media fraud is another type of crime that involves dishonest behavior on sites like Facebook, Instagram, TikTok, and Twitter; examples include impersonation, social engineering, catfishing, and fake online storefronts. Social media fraud frequently takes advantage of user trust, inexperience, and the tendency to overshare personal information online. Banking fraud refers to deceptive actions directed at financial institutions, their clients, and stakeholders. These fraudulent activities, which use advanced hacking and social engineering techniques, can result in significant financial losses or identity theft. Examples include online banking fraud, ATM skimming, and credit card fraud (Anon., 2023).

A cyber-attack is an illegal cyber activity that aims to defeat a cyber asset's security measures and cause damage, interference, or interruption to the services or information access linked to that national cyber property. It entails the intentional use of a cyberweapon against an information system, which leads to a cyber incident (Li & Liu, 2021).

Cyberattacks can pursue a variety of goals and are intentionally designed to do harm. One clear motivation is financial gain, particularly in cyberattacks against enterprises carried out by hackers. These assaults usually target sensitive data, including employee or customer credit card numbers, which gives hackers the opportunity to use the stolen identities for material or financial gain. Cyberwarfare refers to the open and covert cyberattacks carried out by countries across the world, frequently as a component of ongoing political, economic, or social conflicts. Cybercriminals also use disruption and retaliation as a reason for their actions, hoping to sow doubt, disarray, uncertainty, and disorder. These acts, which often affect not just government authorities but also commercial or charitable groups, may be motivated by a desire for revenge or by a wish to publicly damage the reputation of the targeted entities (Gillis & Pratt, 2023).

Q1. Identify about 3 – 5 recent cybercrime/cyberattack case studies or scenarios online and briefly discuss the incident and its impact. (Provide References).

Recent cyberattacks from the past few years include:

1. SolarWinds Supply Chain Attack (2020)

With its main office in Tulsa, Oklahoma, SolarWinds is a major software company that provides network and infrastructure monitoring and system management solutions to many enterprises worldwide. The Orion IT performance monitoring platform is one of its prominent products. SolarWinds Orion has privileged access to IT systems because of its function as an IT monitoring tool, which enables it to gather log and system performance data. Because of its privileged position and broad adoption, SolarWinds was a desirable and profitable target (Oladimeji & Kerner, 2023).

- Incident Overview - A highly sophisticated supply chain attack discovered in 2020 was aimed at SolarWinds, a company that specialized in developing software for network administration and monitoring. The attackers compromised SolarWinds' software update system and spread malicious updates to many companies.
- Impact - The attackers, who are thought to have been state-sponsored, gained illegal access to several government offices, IT firms, and other organizations. This incident demonstrated the vulnerability of software supply chains and the potential for widespread exploitation from a single breach.

2. Colonial Pipeline Ransomware Attack (2021)

One of the biggest and most important oil pipelines in the United States was built in 1962 and is
called the Colonial Pipeline. This 5,500-mile pipeline was built to make it easier to move oil
from the Gulf of Mexico to the states along the East Coast. It begins in Texas and travels all the
way up to New Jersey, where it is essential in supplying over half of the gasoline for the East
Coast. The Colonial Pipeline, with its headquarters located in Alpharetta, Georgia, specializes in
the distribution of refined oil for use as home heating oil, jet fuel, and gasoline (Kerner, 2022).

- Incident Overview - In May 2021 a ransomware attack struck Colonial Pipeline, a significant petroleum pipeline operator in the United States. The company's computers were locked by individuals associated with the DarkSide ransomware group, who demanded a ransom in exchange for the decryption key.
- Impact - The attack forced Colonial Pipeline to halt operations, leading to fuel shortages in several US states. The event raised concerns about the effects of ransomware on essential services and demonstrated how vulnerable critical infrastructure is to cyberattacks.

3. Baltimore City Government Ransomware Attack (2019)

The ransomware attack that struck the Baltimore City Government in May 2019 is a notable
example of a cyber event, and its long-lasting effects are still a topic of discussion when it comes
to cybersecurity and ransomware attacks on local governments (Fabritius, 2019).

- Incident Overview - A ransomware attack on the computer systems of Baltimore, Maryland, in May 2019 disrupted many municipal services, including online payments, email, and real estate transactions. The ransomware involved in this outbreak was identified as "RobbinHood."
- Impact - The city's operations were significantly affected, with widespread disruptions and monetary losses. Residents experienced delays and difficulties as several municipal services were temporarily suspended or severely limited. The city's ability to process payments and complete transactions dropped noticeably, causing further operational challenges and negative economic effects.

Q2. Identify and explain the primary motives of the cyber criminals in the cybercrime/cyberattack contexts you identified in Q1.

1. SolarWinds Supply Chain Attack (2020)

The principal motives behind the SolarWinds supply chain attack were (Jones, 2021):

a. Information Gathering and Espionage

- Objective - The attackers sought to conduct cyber espionage by breaking into the networks of notable targets, including government organizations and technology companies, to gain illegal access to private data.
- Method - By compromising the software supply chain, namely the SolarWinds Orion software updates, the attackers were able to distribute malicious updates to a wide range of enterprises. The infected software gave the attackers backdoor access to the affected systems once installed.

b. Establishment of Extended Presence and Persistent Access

- Objective - The attackers wanted to establish and maintain long-term access to the infiltrated networks so they could gather intelligence covertly over an extended period without being discovered.
- Method - The SolarWinds Orion software was compromised by inserting a backdoor known as "Sunburst" or "Solorigate". Through this hidden access point, the attackers were able to move laterally through the network and obtain confidential information without immediately raising any red flags.

c. Maintaining Covert Activities and Preventing Identification

- Objective - The attackers wanted to stay under the radar for as long as possible to maximize their intelligence-gathering efforts and avoid being attributed to a specific threat actor.
- Method - The attackers demonstrated a high degree of skill by employing techniques to avoid detection, bypass security measures, and hide their presence in the infiltrated networks. This included tactics such as using legitimate credentials and selecting targets carefully to reduce the chance of raising red flags.

2. Colonial Pipeline Ransomware Attack (2021)

The May 2021 cyberattack on Colonial Pipeline, carried out by the DarkSide ransomware group, was primarily motivated by financial gain (Research, 2021).

a. Monetary Coercion using Ransomware

- Objective: The main goal was to extort a payment. The criminals used the DarkSide ransomware strain to cryptographically lock Colonial Pipeline's computer infrastructure and data, thereby hindering its ability to operate.
- Method: In exchange for providing Colonial Pipeline with the decryption tool needed to recover the encrypted assets and systems, the perpetrators demanded a monetary ransom. Such ransomware techniques involve encrypting important data or infrastructure, with the perpetrators demanding payment, frequently in cryptocurrency, for the restoration of the encrypted material.

b. Leveraged Strategy: Operational Disruption

- Objective: By hindering Colonial Pipeline's ability to operate, the attackers hoped to increase their leverage and make it more urgent for the company to comply with their financial demands.
- Method: Colonial Pipeline was forced to implement a temporary operational halt to investigate and resolve the ransomware infiltration, and fuel distribution was affected in several areas as a result. The disruption of critical infrastructure components, namely in energy distribution networks, increased the pressure on the business to consider paying the ransom in order to resume regular operations quickly.

c. Risk of Information Leak and Double Extortion

- Objective: In certain ransomware attacks, attackers not only encrypt data but also threaten to release private data to the public if the ransom is not paid in full. This double-extortion approach increases the pressure on the target to comply with the demands.
- Method: Like some other ransomware groups, DarkSide was known for stealing data before encrypting it. The group then threatened to reveal this private information if the affected party refused to pay the ransom. This compound form of coercion pushes organizations to consider paying a ransom to prevent sensitive information from being revealed.

3. Baltimore City Government Ransomware Attack (2019)

The attackers' main goals in the ransomware attack against the Baltimore City Government were (Labs, 2019):

a. Economic Incentive: Financial goals are often at the center of ransomware attacks. The attackers hope to obtain financial gain from the impacted organization by encrypting critical information and then demanding a ransom for the key to unlock it.
b. Espionage and Information Theft: Occasionally, hackers may use ransomware as a front for more complex espionage operations that aim to collect private information or breach government systems without authorization.
c. Opportunistic Attacks: Some ransomware attacks are opportunistic, targeting vulnerable systems with financial gain as the primary goal. Hackers exploit known weaknesses in cyber-defense systems or unpatched vulnerabilities in the targeted system.

Q5. Briefly discuss the legal frameworks and the challenges faced by law enforcement agencies in arresting and prosecuting cyber criminals.
