1.

Evaluate trends and patterns in typology of cyber crimes

1) Introduction
The advances in science and technology has given us information,
communication and digitization technologies, With this increasing
technology, the crimes related to technology are also increasing The reason
behind this tremendous growth in cyber-crime is the usage of inadequate
software, expired security tools, design flaws, programming errors, easily
available online hacking tools, lack of awareness in public, high rates of
financial returns, etc.
Cybercrime is a term used to broadly describe criminal activity in which
computers or computer networks are a tool, a target, or a place of criminal
activity and include everything from electronic cracking to denial of
service attacks. It is also used to include traditional crimes in which
computers or networks are used to enable the illicit activity Generally,
cybercrime includes a wide range of illegal activities such as : cyber
bullying, cyber terrorism, identity theft, cyber stalking, virtual
pornography (via the Internet), cyber espionage (illegally obtaining
confidential data), computer hacking, computer fraud, online harassment,
phishing, online piracy, blackmailing proceeding, cyber extortion, spam
attacks, copyright infringement, computer virus programs (installing
malicious software programs such as Trojan horse viruses). Beyond
inherent advantages, global liberalization and international integration
provide a conducive environment for obtaining reprehensible illegal
benefits based on complex activities related to cyber crimes, especially in
terms of emerging countries.
Cybercrime has become a large threat to the business, national security and
for the common man. Cybercrime is a global phenomenon and cybercrime
does not respect geographical boundary, Cybercrime has surpassed illicit
drug trade as global top revenue earner for organised crimes.
2) Categories of Cybercrimes
Cybercrimes can be categorized based on who’s affected by the digital
crime as below: 1. Cybercrime against individuals: This is the one that
directly affects any person or their properties. Examples of this type of
cybercrime include but are not limited to: social engineering, phishing,
email harassment, cyberstalking and spreading illegal adult materials.
2. Cybercrime against companies/organizations: This is one of the most
common types of cyber crime today. When a company’s online presence
or any of its products are hacked, it becomes a serious problem that can
result in a big number of consequences for the company, as well as their
employees, associates and customers. Examples include data breaches,
cyber extortion and warez distribution, etc.
3. Cybercrime against society: This one affects society as a whole, for
example: financial crimes against public organizations, selling illegal
products, trafficking, online gambling, forgery, etc.
4. Cybercrime against government: This is one of the worst world’s
worst types of cyber crime and can result in prosecution by federal
cybersecurity and law enforcement agencies. It’s also known as cyber
terrorism, and includes such activities as breaking into government
systems and networks, defacing and shutting down military websites, and
spreading propaganda.
3) Impacts of Cybercrimes
As businesses store more of their and their customers' data online, they are
becoming increasingly vulnerable to cyber thieves. Dealing with online
criminals increases cybersecurity costs, which may ultimately trickle down
to consumers in the form of higher prices. Companies lost $1.8 billion to
cybercrime in 2019, according to business insurer Hiscox. Few businesses
are safe, and big companies with a big online presence are heavily
targeted. Companies in the energy, financial services, manufacturing,
technology, and pharmaceutical sectors endured the heaviest losses as per
Hiscox report. Here is a look at some of the most important ways
cybercrime can Impact people and businesses today:
1. Increased Costs: Companies that want to protect themselves from
online thieves have to pull out their wallets to do so. According to
Hiscox, 6% of companies paid a ransom in 2019, creating $381
million in losses. Firms may incur any number of outlays,
including:
 Cybersecurity technology and expertise
 Notifying affected parties of a breach
 Insurance premiums
 Public relations support
2. Operational Disruption: In addition to actual financial damages,
companies often face indirect costs from cyberattacks, such as the
possibility of a major interruption to operations that can result in
lost revenue. Cybercriminals can use any number of ways to
handcuff a company’s normal activities, whether by infecting
computer systems with malware that erases high-value
information, or installing malicious code on a server that blocks
access to your website.
3. Altered Business Practices: Cybercrime can impact businesses in
more than just financial ways. Companies have to rethink how they
collect and store information to ensure that sensitive information
isn't vulnerable. Many companies have stopped storing customers'
financial and personal information, such as credit/debit card
 numbers, national identity card details (Aadhar, PAN etc), and
birth dates. Some companies have shut down their online stores out
of concern they cannot adequately protect against cyberattacks.
Customers are also more interested in knowing how the businesses
they deal with handle security issues, and they are more likely to
patronize businesses that are up front and vocal about the
protections they have installed.
4. Reputational Damage: Although tough to fully quantify,
companies that fall victim to larger cyberattacks may find their
brand equity significantly tarnished. Customers, and even
suppliers, may feel less secure leaving their sensitive information
in the hands of a company whose IT infrastructure was broken at
least once before.
5. Lost Revenue: One of the worst outcomes of a cyberattack is a
sudden drop in revenue, as cautious customers move elsewhere to
protect themselves against cybercrime. Companies can also lose
money to hackers who try to extort their victims.
6. Stolen Intellectual Property: A company’s product designs,
technologies, and go-to-market strategies are often among its most
valuable assets. Intangible assets accounted for 87% of the value of
S&P 500 companies in 2015, according to intellectual property
advisory Ocean Tomo. Much of this intellectual property is stored
in the digital format usually in cloud, where it's vulnerable to
cyberattacks.
4) Trends of cyber crimes
Evaluating the trends of cybercrimes in India provides valuable insights
into the evolving nature of digital threats, the effectiveness of existing
legal and regulatory frameworks, and the challenges faced by law
enforcement agencies in combating cybercrimes. Below are some key
trends in cybercrimes observed in the Indian context:
Rapid Increase in Incidents:
India has witnessed a rapid increase in cybercrimes in recent years, driven
by factors such as the growing internet penetration, digitalization of
services, and the proliferation of smartphones and other connected devices.
According to reports from the National Crime Records Bureau (NCRB),
cybercrimes registered a significant rise over the past decade, reflecting the
expanding threat landscape in cyberspace.
Financial Frauds and Online Scams:
Financial frauds and online scams are among the most prevalent types of
cybercrimes in India. Phishing attacks, credit card frauds, online banking
scams, and investment frauds target individuals and businesses, leading to
financial losses and reputational damage. The ease of conducting
transactions online and the lack of awareness about cybersecurity best
practices make users vulnerable to such fraudulent activities.
Identity Theft and Data Breaches:
Identity theft and data breaches pose significant risks to individuals'
privacy and security in India. Cybercriminals steal personal information,
such as Aadhaar numbers, PAN cards, and banking credentials, through
various means, including phishing, malware, and social engineering
tactics. Data breaches affecting government agencies, financial institutions,
and e-commerce platforms have raised concerns about data security and
regulatory compliance.
Cyberbullying and Online Harassment:
Cyberbullying and online harassment have become pressing issues,
particularly among the younger population in India. Social media
platforms, messaging apps, and online forums serve as mediums for
cyberbullies to target individuals with abusive messages, threats, and
derogatory content. Incidents of cyberbullying have led to psychological
distress, social isolation, and, in extreme cases, self-harm or suicide among
victims.
Cyber Attacks on Critical Infrastructure:
India's critical infrastructure sectors, including energy, transportation, and
healthcare, are vulnerable to cyber attacks that could disrupt essential
services and jeopardize public safety. The increasing digitization of critical
infrastructure systems, such as power grids, transportation networks, and
healthcare facilities, has expanded the attack surface for cybercriminals.
The potential consequences of cyber attacks on critical infrastructure
underscore the need for robust cybersecurity measures and risk mitigation
strategies.
Emergence of Cyber Extortion and Ransomware:
Cyber extortion and ransomware attacks have emerged as significant
threats to businesses and organizations in India. Cybercriminals use
ransomware to encrypt sensitive data or block access to computer systems,
demanding ransom payments in exchange for decryption keys or
restoration of services. High-profile ransomware attacks targeting
government agencies, educational institutions, and healthcare providers
have highlighted the disruptive and costly nature of such incidents.
Social Media Misuse and Fake News Propagation:
The misuse of social media platforms for spreading fake news,
misinformation, and hate speech has become a growing concern in India.
Malicious actors exploit social media networks to disseminate false
information, incite violence, and manipulate public opinion for political or
ideological purposes. The spread of fake news has the potential to incite
communal tensions, undermine democratic institutions, and erode trust in
media and public discourse.
Challenges in Law Enforcement and Prosecution:
Law enforcement agencies in India face various challenges in investigating
and prosecuting cybercrimes effectively. These challenges include the lack
of specialized cybercrime investigation units, inadequate infrastructure and
resources, limited technical expertise, jurisdictional issues, and delays in
legal proceedings. Strengthening the capacity of law enforcement agencies,
enhancing collaboration with international partners, and improving legal
frameworks are essential for addressing the complexities of cybercrimes in
India.
5) Emerging trends in cyber crimes across the world
Cybercrime is the fastest growing crime across the world and the global
cost could exceed $6 trillion by end of 2021 and reach 10.5 trillion by 2025
as per the Cybersecurity ventures report on cybercrime. If that total amount
is a country’s GDP, it’s next only to the income of the US and China. As
technology keeps evolving at a rapid pace, so do cybercrooks. Apart from
newer forms of cyber threats, even the oldest tricks in the book are not
completely useless for these cybercriminals. They take these tricks out of
the box and make modifications and updates to bypass security measures
especially created for them.

Some of the common emerging trends of cybercrime across the world

include:
1. Pandemic-Related Phishing: Cybercriminals have been using the
pandemic narrative to peddle fear and con individuals to provide them
access to sensitive information. One example was recorded in the UK.
Elderly people received emails and calls that promised them Covid-19
vaccination as long as they provide the data that the email sender or caller
asked (Infosec, 2021). Another such email campaign even uses the name of
CDC to con people in US(CDC, 2020).Google’s Threat Analysis Group
shared that they blocked 18 million Covid-19 themed emails that contained
phishing links and malware downloads per day (Security Magazine, 2020).
2. Ransomware Attacks: Ransomware remains one of the biggest threats
on the web today. First coming into the fore in 2017 with the effects of
global campaigns NotPeya and WannaCry, reports show that the number
of ransomware attacks doubled in 2018, hitting 10.5 billion globally. In the
following year, however, that figure decreased to 9.9 billion (SonicWall,
2020).In 2020, 51% of organizations were hit by a ransomware attack;
threequarters of which resulted in data becoming encrypted. As a result,
26% of victims paid the ransom to get their data back. Unfortunately, 1%
of those who did so did not have their data freed and released back to them
(Sophos, 2021).
3. Increase in Business Email Compromise(BEC) Attacks: The first
half of 2020 saw a 200% increase in BEC attacks (Bitdefender, 2020). The
targets of these cyberattacks were businesses that frequently dealt with
suppliers abroad and who exchange money online. To commit this kind of
cybercrime, hackers pose as vendors, suppliers, or customers, they are able
to hijack money exchanges and redirect those to their own accounts.
4. Mobile Malware: In the third quarter of 2020, Iran, Bangladesh, and
Algeria topped the list of countries with the most mobile malware attacks.
The report shows that 30.29% of mobile users in Iran experienced a mobile
malware attack. Bangladesh and Algeria follow closely behind, with
17.18% and 16.28%, respectively of mobile users reporting mobile
malware (Securelist, 2020). Last 2020, the Microsoft 365 Defender
Research Team uncovered a new Android malware, which fully disabled
the use of Android devices and forced individuals to pay the ransom to
gain back control (Microsoft, 2020).
5. Cyberactivism: Cyberactivists are the online equivalents of protesters
fighting for a particular agenda. One of their main purposes is to interrupt
the website operations of a company or an organization as a way of getting
across their messages to the higher-ups. In 2010, a group of cyber activists
who claimed to be part of Anonymous executed a DDoS attack on PayPal
in response to PayPal’s shutdown of payment services to WikiLeaks. The
group of hackers called Anonymous publicly listed names that were related
to Jeffrey Epstein and his clandestine activities. This action was in
response to the killing of George Floyd (AS, 2020).
6. Artificial Intelligence(AI) and Internet of Things(IoT) in
Cybercrime: With the advent of IoT devices, AI is predicted to commit
more cybercrimes than actual people in the year 2040. AI and IoT are
gradually making things easier for cybercriminals. Any device that can be
connected to the Internet carries the risk of getting hacked. And with the
rapid growth of the technological advancements in the AI aspect, IoT
devices are facing security issues that seem to have no solutions as of yet.
7. Supply Chain Attacks: While supply chain attacks are not the most
common cybercrime, they are still extremely damaging. These can occur
when cybercriminals find a weakness or a number of vulnerabilities in an
organization’s ecosystem, particularly through third-party systems.A most
damaging supply chain attack happened to Solar Winds in 2020. The
company deals in system management tools that are widely used by IT
professionals, the most popular of which is Orion NMS. Hackers exploited
the configurations of the software, inserted malware into SolarWinds’s
servers, which was packaged as part of an update. This effectively allowed
the threat group to get inside the systems of all organizations using Orion
NMS, among which are the US Department of Defense and 425 names in
the US Fortune 500 (SANS Institute, 2020).
8. Data Breaches: Data breaches happen daily, and it is one of the biggest
cyber threats on the web today. Every year, the number of data breaches
continues to increase. Just between January and September 2019, more
than 7.9 billion data records were breached. This figure was a 33%
increase from 2018. In the first quarter of 2020 alone, there was a 273%
rise in incidents. From this alone, we can surmise that data breaches are
most likely going to continue and may become more damaging in the
coming years. (IdentityForce, 2020). Sony Pictures came under attack in
2014 as it prepared to release “The Interview,” a comedy which depicted
an assassination attempt on North Korean leader Kim Jong Un. Hackers
pilfered sensitive information, including embarrassing e-mails and
performance evaluations from its staff. As a result, Sony Pictures pulled
the film from most theaters in favor of an online release, a move that cost it
$30 million, according to the National Association of Theater Owners.
6) Emerging trends in cyber crime in India
With Digital India program and necessity created due to corona pandemic,
India is embarking its journey towards digital economy. The pace of
digitization of financial transactions in India continues to gather pace, It is
estimated that noncash payment transactions, which today constitute 22
percent of all consumer payments, will overtake cash transactions by 2023.
India recorded an alarming increase of 63.5% in cyber crime cases in the
year 2019 and most Indian firms experienced more than a 25% rise in
cyber threats or alerts amidst the move to work from home owing to the
pandemic. India, with over 624 million internet users as of January, 2021,
is the second-largest internet population in the world. Cyber crimes in
India caused Rs.1.25 lakh crore loss in 2019, Number of cyber crimes
reported across India in recent years:
As per Government of India's report n 2019, highest number of cybercrime
cases were registered in Karnataka (12,020) closely followed by Uttar
Pradesh (11,416), Maharashtra (4,967), Telangana (2,691) and Assam
(2,231). Among the Union Territories, Delhi accounted for 78% of
cybercrime, in 60.4% of cases, registered fraud was the motive followed
by sexual exploitation (5.1%) and causing disrepute (4.2%). As per the
data, in metropolitan cities, a total of 18,372 cases were registered,
showing an increase of 81.9%. Listed below are some of the recent and
prominent cyber attacks in India thereby reflecting emerging trends in
cybercrime in India include:
1. As India aims to find its way out of the pandemic by accelerating the
vaccination process, cybercriminals jump on the opportunity by
misguiding and tricking users into downloading fake cowin and
aarogyasetu apps. Through which malware is installed to steal the personal
and financial information of users.
2. The data of millions of India’s flagship airline customers, Air India, was
compromised in one of the biggest cyber-attacks in 2021. Confidential
information such as passport details, ticket information, and credit card
data of more than 4.5 million customers was compromised.
3. In 2018, Pune witnessed a cyber-attack on the Cosmos bank, which
shocked the entire banking sector. Hackers siphoned off Rs 94.42 crore by
hacking into the bank’s ATM server and took details of many debit
cardholders.
4. Around mid-2018, the ATM servers of Canara bank were targeted in a
cyber attack. The cybercriminals store nearly Rs 20 lakhs from various
bank accounts. Hackers used skimming devices to steal information from
300 debit cardholders. The imposters had targeted 50 victims, and the
stolen money ranged from Rs 10,000 to Rs 40,000.
5. In November 2020, India’s leading online grocer BigBasket has
allegedly suffered a massive data breach in which details of over 20
million users, including their names, email ids, addresses and phone
numbers, might have been leaked on the dark web.
6. A group of hackers demanded a ransom of Rs 10 crore from a
Ghaziabad man and threatened to circulate his obscene pictures and
personal details of his family if he fails to meet their demands.
7) Patterns in typology in cyber crimes
Patterns in the typology of cybercrimes refer to recurring themes or
common characteristics observed across different categories of cyber
offenses. These patterns provide insights into the methods, motives, and
targets of cybercriminals, helping law enforcement agencies,
policymakers, and cybersecurity professionals to identify and address
emerging threats effectively. Below are some key patterns observed in the
typology of cybercrimes:
Exploitation of Vulnerabilities:
A prevalent pattern in cybercrimes involves the exploitation of
vulnerabilities in software, hardware, or human behavior. Cybercriminals
exploit weaknesses in computer systems, networks, or applications to gain
unauthorized access, execute malicious code, or steal sensitive
information. Common vulnerabilities targeted by cybercriminals include
unpatched software, misconfigured systems, weak passwords, and social
engineering tactics.
Cross-Border Nature:
Many cybercrimes exhibit a cross-border nature, with perpetrators
operating from jurisdictions different from their targets. The borderless
nature of cyberspace allows cybercriminals to launch attacks from
anywhere in the world, making it challenging for law enforcement
agencies to investigate and prosecute offenders. Transnational cybercrimes
such as online fraud, phishing scams, and distributed denial-of-service
(DDoS) attacks often involve coordination between multiple actors located
in different countries.
Anonymous and Pseudonymous Activity:
Cybercriminals frequently engage in anonymous or pseudonymous
activities to conceal their identities and evade detection. They may use
anonymity tools such as virtual private networks (VPNs), proxy servers,
and anonymous cryptocurrencies to obfuscate their digital footprints and
obscure their origins. The use of pseudonymous online personas and fake
identities further complicates efforts to attribute cybercrimes to specific
individuals or groups.
Economic Incentives:
Economic motivations drive many cybercrimes, with offenders seeking
financial gain through illicit means. Cybercriminals may engage in
activities such as online fraud, identity theft, ransomware attacks, and
cryptocurrency mining to generate revenue. The anonymity and scalability
of cyberspace make it an attractive environment for monetizing
cybercriminal activities, leading to the proliferation of financially
motivated cybercrimes.
Social Engineering Tactics:
Social engineering tactics play a significant role in many cybercrimes,
leveraging psychological manipulation to deceive individuals or
organizations into disclosing sensitive information or performing actions
against their interests. Common social engineering techniques include
phishing, pretexting, baiting, and spear phishing. Cybercriminals exploit
human vulnerabilities such as trust, curiosity, and fear to trick victims into
divulging credentials, clicking malicious links, or downloading malware.
Emergence of Insider Threats:
Insider threats, where individuals within an organization misuse their
access privileges for malicious purposes, constitute a significant pattern in
cybercrimes. Insiders may include employees, contractors, or trusted
partners who intentionally or inadvertently leak sensitive information,
sabotage systems, or engage in fraudulent activities. Insider threats pose
unique challenges to organizations, as perpetrators often have legitimate
access to systems and may evade traditional security measures.
Complexity and Coordination:
Many cybercrimes exhibit a high degree of complexity and coordination,
involving multiple actors and intricate techniques. Advanced persistent
threat (APT) groups, organized cybercrime syndicates, and state-sponsored
actors often employ sophisticated tactics and resources to achieve their
objectives. Cybercrimes such as targeted attacks, data breaches, and
espionage operations require meticulous planning, technical expertise, and
collaboration among perpetrators.
Impact on Critical Infrastructure:
Cybercrimes targeting critical infrastructure sectors such as energy,
transportation, and healthcare pose significant threats to national security
and public safety. Attacks on critical infrastructure can disrupt essential
services, cause economic damage, and jeopardize the lives of citizens.
Cybercriminals may exploit vulnerabilities in industrial control systems
(ICS), supervisory control and data acquisition (SCADA) systems, or
internet-connected devices to disrupt operations or cause physical harm.
8) Response of the world to increasing cybercrime
There are no borders in cyberspace – threats and attacks can come from
any location at any time, posing challenges for police because incidents
may involve suspects, victims and crimes spanning multiple countries. The
complex nature of cybercrime, as one that takes place in the borderless
realm of cyberspace, is compounded by the increasing involvement of
organized crime groups. Perpetrators of cybercrime, and their victims, are
often located in different regions, and its effects ripple through societies
around the world. This highlights the need to mount an urgent, dynamic
and international response. Listed below are some of the some of the
efforts or the response to increasing cyber crime and emerging trends by
different countries , international organisations and India include:
 The Council of Europe Convention on Cybercrime (CETS No. 185) of
2001, often referred to as the Budapest Convention was brought into force
in November 2011. It is considered to be the legal framework of reference
for combatting cybercrime, including attacks against information systems.
The Convention was the first international treaty on crimes committed via
the Internet and other computer networks, dealing particularly with
infringements of copyright, computer-related fraud, child pornography and
violations of network security. As of 5 February 2019, 62 countries and 10
major international organisations are parties to the Convention, India is not
a signatory to this.
 The UN Office of Counter-Terrorism has a Global Programme on
Cybercrime provides focused technical assistance for capacity building,
prevention and awareness raising, international cooperation and analysis
on the phenomenon, principally in developing countries. It aims to enhance
capacities of Member States and private organizations in preventing cyber-
attacks carried out by terrorist actors against critical infrastructure. The
project programme also seeks to mitigate the impact and recover and
restore the targeted systems should such cyber-attacks occur.
 International Police(INTERPOL) works with different countries to
strengthen the ability of countries to combat cybercrime and work together
as a region and internationally. They help coordinate transnational
cybercrime investigations and operations worldwide. They help to tackle
cybercrime using intelligence development, investigative support and
operational coordination and also help connect law enforcement authorities
with the private sector and other partners who can provide valuable data or
support.
 India has taken many steps in response to emerging trends in cyber crime
and some of those steps include:
 The Information Technology Act of 2000 governs computer and
internet-related offences, and the Act also punishes them.
 Cyber-crime cells also known as Cyber Cells are a one-stop-shop for
combating and addressing cybercrime. Cyber-crime is now a criminal
offence involving online stalking, online banking or credit card
scams, hacking, and the spread of software viruses. Cyber Cell is the
response to Cyber Crime. The central cyber cell interfaces with
people via https://www.cybercrime.gov.in/ and many states have
established cyber cells at state level like Karnataka interface through
www.cyberpolicebangalore.nic.in
 Indian Computer Emergency Response Team(CERT-In) is the
national nodal agency for responding to computer security incidents
as and when they occur. In the recent Information Technology
Amendment Act 2008,CERT-In has been designated to serve as the
national agency to perform the following functions in the area of
cyber security.
 Cyber Police is a central wing and operates through
www.cyberpolice.nic.in, this acts a central portal through which
different investigative and law enforcement agencies interact with
each other and share information
 National Cyber Security Policy, 2013: Created with the vision to
build a secure and resilient cyberspace for citizens, businesses and
Government by Ministry of IT and Electronics. Its mission is to
 protect information and information infrastructure in cyberspace,
build capabilities to prevent and respond to cyber threats, reduce
vulnerabilities and minimize damage from cyber incidents through a
combination of institutional structures, people, processes, technology
and cooperation.
 Ministry of Electronics and IT has developed and shared Cyber
Crisis Management Plan (CCMP) with all Ministries/ Departments of
Central
 Government, State Governments and their organizations and critical
sectors, to deal with with cyber related incidents o by rapid
identification, o information exchange, o swift response and remedial
actions o to mitigate and recover from malicious cyber related
incidents impacting critical national processes and Government
sector organizations.
 The Cyber Surakshit Bharat programme was launched in 2018 to
educate & enable the Chief Information Security Officers (CISO) &
broader IT community to address the challenges of cyber security in
partnership with Industry consortium

9) Conclusion
The typology of cybercrimes is multifaceted and constantly evolving,
presenting complex challenges to legal systems worldwide. In the Indian
context, the proliferation of technology has led to an escalation in cyber
threats, necessitating proactive measures to combat cybercrimes
effectively. By analyzing trends and patterns in cybercrime typology and
evaluating the legal frameworks in place, policymakers and law
enforcement agencies can devise strategies to mitigate risks and safeguard
cyberspace. However, addressing the dynamic nature of cyber threats
requires continuous monitoring, adaptation, and collaboration between
stakeholders at the national and international levels.