See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/331010726

Literature review on Cyber Crimes and its Prevention Mechanisms

Technical Report · February 2019

DOI: 10.13140/RG.2.2.16573.51684

CITATIONS READS

2 42,937

1 author:

Annamalai Lakshmanan
Universiti Sains Malaysia
10 PUBLICATIONS 9 CITATIONS

SEE PROFILE

All content following this page was uploaded by Annamalai Lakshmanan on 11 February 2019.

The user has requested enhancement of the downloaded file.

Annamalai Lakshmanan
Literature review on Cyber Crimes and its Prevention
Mechanisms
Annamalai Lakshmanan
National Advanced IPv6 Centre
Universiti Sains Malaysia,
Penang, Malaysia
annamalai_123@student.usm.my
Abstract— Cybercrimes is defined as the criminal
activities carried out by means of using digital devices like
computers through internet. Basically, a crime committed
by using the internet is called as a cyber-crime. Now a
day’s, information is wealth and also to earn money in an
illegal way, cyber-attacks are happening, and data is been
stolen from the servers or money is been stolen in an illegal
way. So, this paper describes the list of cyber threats
happened around the world until now and its prevention
mechanisms. Also, the cyber threat predictions in the
upcoming year is also discussed in the final section and
cyber threat analysis for January 2019 is also been
discussed.
Keywords— Cyber Crimes, malware, cyber-security,
cyber banking, cyber-attacks, cyber security - Internet,
Mail, Removable devices, Network folders, Phishing,
Cyber-crimes in India, Information Technology Act –
2000, Intelligence, DDoS, Mitigation techniques.
I. INTRODUCTION
Cyber-crime has been reported as one of the top four
economic crimes perceived by all organizations. [1]
According to an ASSOCHAM report the number of cyber-
crimes all over the world will reach to a higher level to earn
money in an illegal way. The statistics from the surveys shows
how the Cyber-crime has been increasing at an alarming rate
all over the world. What is cybercrime? Webopedia defines
Cybercrime as "any criminal act dealing with computers and
networks (called hacking)”. [2] Cybercrime is a range of
illegal digital activities targeted at organizations in order to
cause harm. [3] The simplest possible definition given by
Norton Company is “Cybercrime is simply a crime that has
some kind of computer or cyber aspect to it”. [4] According to
Norton, for every 3 seconds someone’s identity is stolen as a
result of cybercrime. Cyber-crimes do not consider any
boundaries or territorial barriers. Making the cyber world safer
is the major concern to all the stakeholders. In this regard,
every country will have its own Cyber law or Internet law to
control the cybercrimes in their countries. Indian government
also framed such law which is called the Information
Technology Act, 2000 [5]. This act is meant for legal
recognition for transactions carried out by means of electronic
1
data interchange and other means of electronic communication
and applies to whole India. The top five crime heads [5] in
decreasing order is as follows:
• Loss or Damage to computer resource or utility
• Obscene publication/transmission in electronic form
• Hacking
• Tampering computer source documents
• Breach of confidentiality or privacy
The paper will give an overview of cybercrimes registered
and persons arrested on cybercrime charges. Also, it describes
the prevention techniques for some cyber-crimes happened
until now. In final section, cyber threat analysis and its
predictions in the upcoming year is also been discussed.
II. CYBER CRIMES CASE STUDIES
The below are the list of cyber-crimes happened around the
world with full description.
1. Threat to cyber banking in South Africa [6]
Most banks in South Africa use the mainframe computer to
process their customers’ data. The reason for the use of
mainframe computer is that the computer can perform
largescale data processing in a self-contained structure instead
of having individual computers to process small junk of data.
Another advantage of the mainframe computers is that
they offer virtualization which allows the creation of multiple
logical computers within a single mainframe to work together.
Mainframe computers are most often larger than servers
because of the redundancy in its design and components that
allow for high availability as well as scalability. Some
components of the mainframe computer such as disks and
interface adapters can be replaced or upgraded without the
server been shut down. The challenges that banks face when it
comes to cyber security are as followed:
• The downtime of systems
• Protection of customer’s information
• Maintenance of reputation in the industry
• Protection of critical infrastructure
Cyber criminals often exploit less developed countries due
to weak security controls and then use these exploitations to
target more developed countries to gain access to big
multinational companies. If the cyber banking security is
compromised, the cyber security of the entire country could be
Annamalai Lakshmanan
compromised, thus leading to some serious breaches [6].
Check Point, a security firm recently portrayed South Africa
as one of the most targeted countries by cyber criminals in
January 2016. According to its Threat Cloud Map of the
countries most targeted by cyber criminals in January 2016,
South Africa jumped from position 67 to position 22 [6].
According to Check Point, phishing attacks have increased
targeting video-on-demand users, who are often tricked into
passing on their logon credentials under the disguise that their
accounts need to be updated. This phishing attacks are often
delivered by spam emails with attachments that install
malware on the user’s computer system. Malware includes
viruses, worms, or any other exploitation software. The
modern malware seeks to copy data from one location to
another in order to gain access to protected resources or
information.
From the Symantec Intelligence Report of February 2014
South Africa in the month of February 2014 recorded the
highest rate of phishing attacks with 1 in every 668 emails
identified as a possible phishing scam. Also 1 in every 2 of all
South African emails traffic were identified as spam [6]. South
Africa was ranked 7th in the top 10 sources of phishing and
geographically South Africa was ranked 1st in the top 5
phishing destination. The RSA Anti-Phishing Service recorded
a total of 1942 new phishing attacks in South Africa with a net
potential loss of about $6,828,072 between January and June
2012.
Fig 1. The Microsoft Security Intelligence of 2014 – South
Africa
The Microsoft Security Intelligence Report indicates that
the most common category of malware was worms and about
8.3% of computers in South Africa were affected in the 4 th
quarter of 2014. There was a drop from 10.2% from 3rd
quarter of 2014 [6]. The second and third most common
malware in South Africa were Trojans and Obfuscators &
Injectors respectively. There were drop to 3.4% from 4.9%
and 2.3% from 2.7% respectively. Potentially unwanted
software was the second on the list of the most common
category. This category affected about 30% of all computers
that were cleaned. Adware came third on the list with about
19% affected of all the computers that were cleaned in South
Africa as shown in figure 1. The South African government
has also passed legislations, Policies, Acts, Regulations, to
help combat the surge of cybercrimes.
2
PREVENTION MECHANISM – [6] Proposed a system that
would utilize an authentication/authorization mechanism, and
firewall to provide boundary security that would defend the
banking space periphery. The firewall would be configured to
filter network traffic based on the information in the packet
header. This information is defined and managed by the policy
manager.
2. Stealing of Credit and Debit Card Information [7]
In 2007 three men have been indicted for hacking into
cash registers machine at Dave & Buster's restaurant locations
in the US stealing data from thousands of credit and debit
cards. That data that was later sold and caused more than
$600,000 in losses. One from Ukraine and other from Estonia
hacked into cash register machines at 11 Dave & Buster's
locations and installed "sniffer" programs to steal payment
data as it was being transmitted from the point-of-sale
terminals to the company's corporate offices. Later the same
men were charged with similar a breach at TJMax. Some
Analysts estimated the losses at TJ Max at more than USD$1
Billion [7]. An inspector with the U.S. Postal Inspection
Service alleged one of the three men was a major reseller of
stolen credentials [7]. Notably all the three men were arrested
while visiting two countries, which actively co-operate with
US law enforcement Turkey and Germany and not at home in
Eastern Europe.
3. Blue Security DDoS Attacks [7]
In 2006 Blue Security was an anti-spam company based in
Israel and California. It had an original idea to stop spam.
They would send requests to stop sending spam to spammers
each time they sent spam to their customers. This caused a
lot of problems for the spammers who found they were having
serious capacity issues with Blue Security sending these
messages on behalf of more than 500,000 customers. While
this virtual vigilante system of spamming the spammers was
controversial it was apparently quite legal. The response from
the spammers was a DDoS attack. Blue Security
responded effectively initially but with the time the attack
grew in size and sophistication. Blue Security had to turn to
others for support. When Blue Security got the Prolexic DDoS
protection which washed their traffic the spammers
merely turned their DDos on Prolexis’ DNS which shut them
down and many of their customers who used their service.
The result was Blue Security had to go it alone. Shortly after
and as a result the CEO decided to shut the company down
[7].
4. National Australia Bank and Westpac Bank DDoS
Attacks [7]
While the Blue Security DDoS attacks would appear to
have little nexus to Australia, DDoS as a tool of
retribution has been seen in Australia a number of times. In
October 2006, National Australia Bank (NAB) suffered a
DDos. Information from law enforcement officials indicated
that the attacks were from Russia. Then in September 2007,
Westpac Bank suffered an attack with similar traffic patterns
not long after their new cybercrime response team was
established and operating against phishing attacks [7].
Annamalai Lakshmanan
5. SIM Swap Fraud [8]:
In August 2018, two men from Mumbai were arrested for
cybercrime. They were involved in fraudulent activities
concerning money transfers from the bank accounts of
numerous individuals by getting their SIM card information
through illegal means. These fraudsters were getting the
details of people and were later blocking their SIM Cards with
the help of fake documents post which they were carrying out
transactions through online banking. They were accused of
transferring 4 crore Indian Rupees effectively from various
accounts. They even tried to hack the accounts of a couple of
companies. In this, the fraudsters will get the information of
the customers like their phone number, name, id proof and so
many from an organization or from some public domains.
After that, they were getting the 4G sim card by producing the
required information of customers who uses 3G sim card with
their phone numbers to the telecom company and call the
customer and act as a customer service executive. They will
give 20-digit number which will be written at the back side of
4G sim card and ask the customer key in and activate the 4G
sim card easily. When customers do that, the 3G sim card will
be deactivated and 4G sim card will be activated. But 4G sim
card is still with the fraudsters in which they will perform
bank transactions and receive OTPs.
PREVENTION MECHANISM – [8] Sharing personal
information with unknown applications and domains can help
in minimizing the risk of having your personal information
reaching people with malicious content. Fraudsters use the
victim’s information in various scams and trick them into
fraudulent activities. It is advisable therefore that the site
where an individual is entering his banking or other details
should be verified for authenticity, as scammer uses the fake
site to get the information directly from prospective victims.
Also, the customers are required to activate the sim card if
physically, the sim card is with them.
6. Cyber Attack on Cosmos Bank [8]:
A daring cyber-attack was carried in August 2018 on
Cosmos Bank’s Pune branch which saw nearly 94 Crores
rupees being siphoned off. Hackers wiped out money and
transferred it to a bank which is situated in Hong Kong by
hacking the server of Cosmos Bank. A case was filed by
Cosmos bank with Pune cyber cell for the cyber-attack.
Hackers hacked into the ATM server of the bank and stole
details of many visa and rupay debit cards owners. The attack
was not on centralized banking solution of Cosmos bank. The
balances and total accounts statistics remained unchanged and
there was no effect on the bank account of holders. The
switching system which acts as an interacting module between
the payment gateways and the bank’s centralized banking
solution was attacked. The Malware attack on the switching
system raised numerous wrong messages confirming various
demands of payment of visa and rupay debit card
internationally. The total transactions were 14,000 in numbers
with over 450 cards across 28 countries. On the national level,
it has been done through 400 cards and the transactions
involved were 2,800. This was the first malware attack in
India against the switching system which broke the
communication between the payment gateway and the bank.
3
PREVENTION MECHANISM – [8] Hardening of the
security systems by limiting its functions and performance
only to authorized people can be the way forward. Any
unauthorized access to the network should immediately set an
alarm to block all the access to the bank’s network. Also, to
minimize risk, enabling a two-factor authentication might
help. Through testing, potential vulnerabilities can be fished
out and can make the entire digital part of the banking system
safe.
7. ATM System Hacked in Kolkata [8]:
In July 2018 fraudsters hacked into Canara bank ATM
servers and wiped off almost 20 lakh rupees from different
bank accounts. The number of victims was over 50 and it was
believed that they were holding the account details of more
than 300 ATM users across India. The hackers used skimming
devices on ATMs to steal the information of debit card holders
and made a minimum transaction of INR 10,000 and the
maximum of INR 40,000 per account. On 5 August 2018, two
men were arrested in New Delhi who was working with an
international gang that uses skimming activities to extract the
details of bank account.
PREVENTION MECHANISM – [8] Enhancement of the
security features in ATM and ATM monitoring systems can
prevent any misuse of data. Another way to prevent the
fraudulent activity is to minimize the risk of skimming by
using lockbox services to receive and transfer money safely.
This uses an encrypted code which is safer than any other
payments.
8. Hacking the Websites [8]:
Over 22,000 websites were hacked between the months of
April 2017 and January 2018. As per the information
presented by the Indian Computer Emergency Response
Team, over 493 websites were affected by malware
propagation including 114 websites run by the government.
The attacks were intended to gather information about the
services and details of the users in their network.
PREVENTION MECHANISM – [8] Using a more secure
firewall for network and server which can block any
unauthorized access from outside the network is perhaps the
best idea. Personal information of individuals is critical for
users and cannot be allowed to be taped into by criminals.
Thus, monitoring and introducing a proper network including
a firewall and security system may help in minimizing the risk
of getting hacked.
These are the most common the cyber crimes happened
until now all over the world. In the upcoming section, by using
this cyber crime a short review on a closer look at the “Web of
Profit” is been discussed.
III. WEB OF PROFIT
As said by Nohe, P. (2018) [9], cybercrime has evolved
into an entire economy rife with professionalization and filled
with parallels to legitimate industries. In 2016, the US Federal
Bureau of Investigation estimated that Ransomware payments
would reach $1 billion. Two years later that shows no signs of
Annamalai Lakshmanan
slowing down. Here’s a sampling of some of the highest- COMPANY YEAR HELD NO. OF USERS
profile Ransomware from the past five years as well as how NAME COMPROMISED
much money it made. Yahoo 2013 - 2014 3 - Billion
Under Armour 2018 150 - Million
ebay 2014 145 - Million
EQUIFAX 2017 143 - Million
Facebook 2018 87 - Million
JPMorganChase 2014 76 - Million
PlayStation 2011 77 - Million
Uber 2016 57.6 - Million
The Home Depot 2016 56 - Million
Table 1. Company Name and No. of users compromised with
Fig 2. Ransomware with profits table year happened

As said by Nohe, P. (2018) [9], the theoretical annual
revenues achieved by the cybercrimes are shown below in the
form of table with types of cybercrimes.
Fig 3. Types of cybercrimes with its annual revenue
One of the most interesting aspects of the current
cybercrime economy is the way it’s stratified, with large
operations functioning almost as multi-national corporations
and smaller operations mirroring single proprietor small
businesses. Large cybercrime operations can make profits
totaling over $1 billion per year while smaller operations tend
to make between $30k-$50k. For an individual with the right
skillset, cybercrime can be incredibly lucrative. An individual
cybercriminal can make upwards of half a million dollars in a
year simply by trafficking in stolen data. Like real criminality,
cyber criminals can generally be broken down into levels. Not
every hacker is exceptional. Some, like low-level criminals,
are content to execute petty crimes that don’t pay all that well.
Others are highly specialized and only work when the money
is good.
As said by Nohe P. (2018) [9], the Dutch police shut down
the world’s largest DDoS-for-hire service, “webstressor.org”
and arrested six people behind it. The site had over 136,000
registered users and allowed customers with little or no
technical knowledge to launch a Distributed Denial of Service
attack for about £10. The service was responsible for attacking
seven of the UK’s biggest banks in November of 2017, in
addition to various government institutions and gaming
services. So, based on this value and data, the cybercrimes
will not be stopped and will continue to increase. In the
upcoming section, the threat analysis in the recent period is
been discussed.
IV. THREAT ANALYSIS IN THE RECENT PERIOD
As said in the Kaspersky Lab Analysis [10], the analysis of
threat sources for January 2019 from internet, the percentage
of attacked users is 12.80% and from removable devices is
3.17%. While from Mail is 3.15% and from network folders is
0.30%.

In general, cybercriminals earn about 10-15% more than

their counterparts in traditional crime, with high earners taking
home upwards of $167k per month, middle earners in the $75k
range and low earners making 3.5k per month. Also, while a
talented hacker can make somewhere near to $30k on a job or
two, a platform manager offering multiple card data forums
can earn up to $2 million per month.
MAJOR DATA BREACHES:
The below are the major data breaches that has happened,
and millions and millions of user’s data have been stolen and
sold out for huge profits. In this, cybercriminals want data and
they know were to look and take the data.
Fig 4. Threat sources vs % of attacked users
For industrial computers, the top most attacked countries
with highest percentage for January 2019 is Algeria, Morosco,
Egypt, Vietnam and Indonesia. The total percentage of
industrial computers attacked in the month of January 2019 is
roughly around 22.3%. The below is the graph for Threat
sources and percentage of industrial computers attacked in
January 2019 is shown below.

4
Annamalai Lakshmanan
Fig 5. Top Countries by % of industrial computers attacked
The below is the number of attacked users in terms of % by
using malware platforms is shown. In the malware platforms,
the most used are Visual Basic Script, .NET Framework,
JavaScript, PDF, AutoCAD. The below is the graph which
explains clearly –
Fig 6. Malware platforms vs % of attacked users
V. CONCLUSION
Thus, the cybercrime activities will be increasing in the
upcoming days and will not be stopped. So, a better approach
to stop this cybercrime is to build a powerful system which
can stop this kind of crimes by comprising of powerful
firewall, IDS, SDN Controller and maintenance should be
done periodically. Also, the protection for the customer’s data
should be given higher priority and place it confidentially with
high privacy. The conclusion of this literature review is that
the data is so much important now a days as it can be used to
earn huge amount of money.
VI. REFERENCES
[1] PricewaterhouseCoopers (PwC) “Economic Crime
Survey India Report, 2011
[2] Vangie Beal "definition of Cyber-crime". Retrieved
24th October 2015, http://www.webopedia.com
/TERM/C/cyber_crime.html
[3] KPMG in India, Cybercrime survey report, 2014
View publication stats
[4] Norton "cybercrime definition". Retrieved 24th
October, 2015, http://us.norton.com/cybercrime-
definition.
[5] Kumar, P. N. V. (2016). Growing cybercrimes in
India: A survey. Proceedings of 2016 International
Conference on Data Mining and Advanced
Computing, SAPIENCE 2016, 246–251.
https://doi.org/10.1109/SAPIENCE.2016.7684146
[6] Mbelli, T. M., & Dwolatzky, B. (2016). Cyber
Security, a Threat to Cyber Banking in South Africa:
An Approach to Network and Application Security.
Proceedings - 3rd IEEE International Conference on
Cyber Security and Cloud Computing, CSCloud 2016
and 2nd IEEE International Conference of Scalable
and Smart Cloud, SSC 2016, 1–6.
https://doi.org/10.1109/CSCloud.2016.18
[7] Yu, H., Hou, S., & Lang, L. (2018). The Exploration
of Historical Blocks’ Protection and Renovation
Based on the Theory of City Image. Current Urban
Studies, 06(03), 425–432.
https://doi.org/10.4236/cus.2018.63023
[8] Testbytes.net. (2018). Major Cyber Attacks on India
(2018) - Testbytes. Retrieved August 23, 2018, from
https://www.testbytes.net/blog/cyber-attacks-on-
india-2018/
[9] Nohe, P. (2018). 2018 Cybercrime Statistics: A
closer look at the Web of Profit. Retrieved from
https://www.thesslstore.com/blog/2018-cybercrime-
statistics/
[10] CERT, K. L. I. (2019). Kaspersky Lab ICS CERT _
Kaspersky Lab Industrial Control Systems Cyber
Emergency Response Team. Retrieved September 20,
2001, from https://ics-cert.kaspersky.com/