Recent Trends in the Era of Cybercrime and the Measures to Control Them

Abstract and Figures

This chapter illustrates the understanding of cybercrime, recent trends in cybercrime, and the measures by which these cybercrimes can be eliminated to a considerable extent. The authors discuss various emerging cybercrime techniques, including steganography, next-generation malware, next-generation ransomware, social engineering attacks, and attacks using machine learning and IoT devices. Chapter 11 concludes that lack of regulations dealing specifically with e-waste is
9781138571303_Book.indb 242 28/06/18 1:34 PM
Chapter 10
Recent Trends in the Era of Cybercrime and the Measures to Control Them
Pooja Kamat and Apurv Singh Gautam
Symbiosis Institute of Technology
Symbiosis International (Deemed University)
Contents
10.1 Introduction
10.2 Recent Trends in Cybercrimes
  10.2.1 Steganography
  10.2.2 Next-Generation Malware
    10.2.2.1 Virtual Machine Awareness
    10.2.2.2 Polymorphic Malwares
    10.2.2.3 Encrypted Malwares
    10.2.2.4 Sleeping Malwares
  10.2.3 Next-Generation Ransomware
  10.2.4 Social Engineering Attacks
  10.2.5 IoT and Artificial Intelligence in Cybercrime
10.3 Preventive Measures to Curb Cybercrimes
  10.3.1 General Measures
  10.3.2 Defense against Steganography Crimes
  10.3.3 Curbing Malware
  10.3.4 Firewall
  10.3.5 Measures against Ransomware
  10.3.6 Guard against Social Engineering Attacks
  10.3.7 Guard against AI and IoT Attacks
10.4 Conclusion
References
244 Handbook of e-Business Security
10.1 Introduction
The recent advancements in technology have made mankind dependent on the Internet to a large extent. The Internet has found a place in our everyday lives in terms of communication, online shopping, storing data, online reservation, gaming, etc. However, this overdependency on the Internet has given rise to a number of cybercrimes. Cybercrime is a general term wherein the computer is either a tool or a target or a medium of communication for carrying out criminal activity. This might include crimes such as phishing, credit card fraud, electronic hacking, distribution of viruses, and other such wrongdoings. It also covers the traditional crimes in which computers or networks are used to enable the illicit activity. Figure 10.1 illustrates the cybercrime cloud.
Figure 10.1 Cybercrimes.
10.2 Recent Trends in Cybercrimes
10.2.1 Steganography
Steganography is the art of hiding and transmitting data, including photo, video, and audio, through apparently innocuous carriers. Steganography hides the message, so there is no knowledge of the existence of the message in the first place [1]. If a person views the object, then he or she will have no idea if there is any hidden information; therefore, the person will not attempt to decrypt the information. Steganography is not really a new method, as it has been in use since the times of ancient Rome. It can be used in both positive and negative ways. Nowadays, steganography is being used in advanced ways for illegitimate purposes. The steganography process is depicted in Figure 10.2.
In today’s digitally connected world, sensitive private information is transferred through various digital platforms for everyday tasks such as financial transactions [2]. It is therefore imperative for the users to be aware of steganography used for malicious purposes. The attacker may hide the malicious code within a legitimate-looking file which, when executed, takes control of the target machine. Digital steganography is also used to steal sensitive information by sending the information to fraudsters outside the organization without anyone’s knowledge [3].
Cyber criminals use steganography techniques to encode malicious scripts into pictures or crafted webpages to smuggle malware through firewalls into the system under attack [4]. On successful running of the malicious script, the control commands order a victim’s machine to obtain executable code from remote servers, which allows an outsider to gain access to local files within the compromised network.
Figure 10.2 Steganography process. (Diagram labels: secret message, cover, key, stego system encoder, stego object, communication channel, stego system decoder, estimate of secret message, original cover.)
Malware authors are increasingly taking advantage of steganography in a number of ways, such as hiding encrypted information inside JPEG images and sending it out of an infected network, easily bypassing content filtering [5].
Recently, an exploit kit known as Stegano was discovered, which hid malicious code in the pixels of banner advertisements that were put up on high-profile websites. In this malvertising campaign, malware authors hid malicious code inside the alpha channel of transparent PNG images (the channel defining the transparency of each pixel) by altering the transparency value of several pixels [6]. The image is then displayed as an advertisement on several high-profile websites.
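
A defender-side check for the alpha-channel technique described above, as an added example (not code from the chapter or from any vendor): it decodes an RGBA PNG with the Python standard library and flags images in which an unusual share of pixels is almost, but not exactly, opaque. The `band` and `min_fraction` thresholds and the three sample images are constructed assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def read_chunks(png):
    """Yield (type, data) per chunk; reject a bad signature or CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, kind = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(kind + data) & 0xFFFFFFFF != crc:
            raise ValueError("corrupt chunk %r" % kind)
        yield kind, data
        pos += 12 + length

def _paeth(a, b, c):
    """Paeth predictor from the PNG specification (filter type 4)."""
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    if pa <= pb and pa <= pc:
        return a
    return b if pb <= pc else c

def alpha_values(png):
    """Decode an 8-bit, non-interlaced RGBA PNG; return its alpha bytes."""
    header, idat = None, bytearray()
    for kind, data in read_chunks(png):
        if kind == b"IHDR":
            header = struct.unpack(">IIBBBBB", data)
        elif kind == b"IDAT":
            idat += data
    if header is None or header[2:4] != (8, 6) or header[6] != 0:
        raise ValueError("only 8-bit non-interlaced RGBA is handled here")
    width, height = header[0], header[1]
    raw = zlib.decompress(bytes(idat))
    stride, alphas, pos = width * 4, [], 0
    prev = bytearray(stride)
    for _ in range(height):
        ftype, line = raw[pos], bytearray(raw[pos + 1:pos + 1 + stride])
        pos += 1 + stride
        for i in range(stride):  # undo the row filter in place
            a = line[i - 4] if i >= 4 else 0   # left neighbour
            b = prev[i]                        # byte above
            c = prev[i - 4] if i >= 4 else 0   # above-left
            pred = (0, a, b, (a + b) // 2, _paeth(a, b, c))[ftype]
            line[i] = (line[i] + pred) & 0xFF
        alphas.extend(line[3::4])
        prev = line
    return alphas

def alpha_report(png, band=16, min_fraction=0.05):
    """Flag images where many pixels are almost, but not fully, opaque."""
    # band and min_fraction are illustrative assumptions, not tuned values.
    alphas = alpha_values(png)
    near = [a for a in alphas if 255 - band <= a < 255]
    fraction = len(near) / len(alphas)
    distinct = len(set(near))
    return {"pixels": len(alphas), "near_opaque_fraction": fraction,
            "distinct_near_opaque": distinct,
            "suspicious": fraction >= min_fraction and distinct > 2}

def _chunk(kind, data):
    crc = zlib.crc32(kind + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", crc)

def make_rgba_png(width, height, alpha_fn):
    """Build a constructed test image: flat colour, alpha from alpha_fn."""
    raw = bytearray()
    for y in range(height):
        row = bytearray()
        for x in range(width):
            row += bytes((200, 30, 30, alpha_fn(x, y)))
        if y % 2:  # Sub-filter odd rows so the unfiltering path is exercised
            row = bytearray((row[i] - (row[i - 4] if i >= 4 else 0)) & 0xFF
                            for i in range(len(row)))
        raw.append(y % 2)
        raw += row
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(bytes(raw))) + _chunk(b"IEND", b""))

# Constructed 64x16 samples, not real advertisements.
OPAQUE = make_rgba_png(64, 16, lambda x, y: 255)
SOFT_EDGE = make_rgba_png(64, 16, lambda x, y: min(255, x * 8))
ALTERED = make_rgba_png(64, 16, lambda x, y: 255 - (x * 7 + y * 13) % 8)

if __name__ == "__main__":
    for name, png in (("opaque", OPAQUE), ("soft edge", SOFT_EDGE),
                      ("altered", ALTERED)):
        print(name, alpha_report(png))
```

The result is a triage signal only: artwork with large soft-edged regions can exceed the threshold, so a hit calls for closer inspection of the image and of the script that reads it.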
Malicious steganography is not limited by geographical boundaries. Its motive is to hide malicious code so that the code can reach the system and break its security. Given the rise of digital usage, one has to be aware and careful of this trend.
10.2.2 Next-Generation Malware
Malware, or malicious software, remains one of the most pressing problems our society is facing today. As technology advances and there is an onset of new devices, new vulnerabilities and challenges in the security of information technology (IT) come along. The number of malware-related attacks keeps increasing day by day. As the malware industry grows, more people are trying to find vulnerabilities in software and system configurations. Software vendors neglect security and validation of software in favor of rapid development. They push security patches, but the upgrades are applied slowly because of the manner in which upgrades are handled at corporate level. The struggle between attackers and vendors is destined to be never-ending.
It is clear that cyber criminals have evolved adaptive next-generation malware that is capable of bypassing the defense systems used in many organizations. It is capable of sensing sandboxing environments and mutates like a biological virus. The next-gen malware is becoming more aware and adaptive to evade behavior detection.
Malware as a Service (MaaS) is creating a market for malicious software [7]. This service provides customers with access to exploits, botnets, and creation and distribution of malware. In a way, attackers are outsourcing malware service for a price. The market for malware is growing rapidly. There are many new ways in which next-gen malware is evolving to avoid detection. Figure 10.3 illustrates the MaaS.
First level: The elite individuals or groups are a set of general researchers who write malware and develop exploits.
Second level: These are spammers, botnet owners, distributors, and hosted system providers. These people are skilled but not always elite. Here, the distribution is handled.
Third level: These are fraudsters, middlemen, and financial data providers.
These three levels fall under the umbrella of MaaS, which can be sold and purchased as an entire package or as individual services by a vendor.
10.2.2.1 Virtual Machine Awareness
Previously, malware could be discovered by sandboxing or isolating it in a virtual environment that would mimic a company’s desktop systems. While they are in the sandbox, the suspect files are examined. If a file shows malicious behavior, then it is marked as malicious. But an increasing number of attackers are creating malware that can detect when it is being opened in a virtual environment. If the malware senses that it is being opened in a sandbox, then it will disguise itself by going into a dormant state.
The malware does this in one of two ways. One way is to look for any human interaction with the malware; if there is no human interaction, then it will presume that it is in a sandbox and go into a dormant state. The other way is checking for drivers like virtual drivers and entries in the registry.
10.2.2.2 Polymorphic Malwares
Malware files are being morphed and mutated like a virus to escape signature-based antiviruses. Hackers use this process to change some letters, insert a few extra bits, and recompile the code to generate lots of variants. In this way, every time a file is presented, it looks different.
Figure 10.3 Malware as a service. (Diagram labels: Elite group, Distributors, Money fraudsters.)
Source: Webroot Threat Blog.
10.2.2.3 Encrypted Malwares
Malware is being encrypted using suitable encryption like SSL (Secure Socket Layer); because the encrypted content is not decoded or detected by network security systems, hackers find it easy and effective to build communication tunnels between embedded malware and remote C&C (Command & Control) servers.
10.2.2.4 Sleeping Malwares
Malware is also programmed to stay inactive until activated on a specific date. It may be analyzed but is not considered malicious as it is in a dormant state.
There are many new ways of distributing malware, and among those malvertising is widely used [8]. It is the prime target for malware distribution as most of the websites on the Internet are supported through advertisements. The attackers utilize this and spread malicious advertisements onto large mainstream webpages such as those of Forbes, Daily Motion, and MSN.
Each platform faces its own challenges, and it is really difficult to respond to any particular platform in the same way as for other platforms. Each platform is vulnerable to every malware category that is found on any other platform [9].
10.2.3 Next-Generation Ransomware
Ransomware is a type of malware that encrypts your files until you pay a ransom. The criminals provide step-by-step instructions on how to pay and sometimes also offer a helpline for victims who are unsure of how to pay in bitcoins. They set prices low enough that people pay instead of giving up. Figure 10.4 depicts the next-gen ransomware technique.
Ransomware is at the forefront of any discussion about security today, and we are sure to encounter even more advanced ransomware in the future. The basic process of ransomware is that it generally revokes access to the victim’s endpoint or encrypts data before prompting the victim to pay a ransom to regain control. These ransomware attacks have grown drastically more frequent in recent years. Ransomware has exploded into a billion-dollar industry since 2016. This high amount of money is creating a gold-rush atmosphere for cyber criminals who are releasing new ransomware variants into the market. Ransomware targets both consumers and businesses, but the number of attacks directed at organizations is growing at a more rapid pace. Every 10 seconds, a consumer gets hit with ransomware, and every 40 seconds, a company gets hit with ransomware. There are more attacks on companies, as a company represents a much bigger potential payday.
The fifth generation of ransomware is knocking at our doors [15]. This future ransomware may have the ability to detect any encryption protection tools installed on the targeted system. It may also try to disable the specific protection layer so that it can advance toward its malicious objective. We also expect ransomware attacks to be individually targeted in the near future.
According to security experts, ransomware cyber criminals took in about $1 billion last year; this includes more than $50 million each for the three wallets associated with Locky ransomware, close to $100 million for Cryptowall, and $73 billion gathered by CryptXXX. Furthermore, it is getting difficult to track the amount of money flowing to criminals [21].
Everything is becoming a computer in this era, including microwaves, refrigerators, cars, televisions, national power grids, etc. All these devices are connected to the Internet and are becoming vulnerable to ransomware and other computer threats [16]. It will be only a matter of time before people get messages on their car screens saying that the engine has been disabled and that they must pay some amount in bitcoins to turn it back on, or pay some amount to get into their house tonight.
Intelligent ransomware is being created with added capabilities [17]. These allow the cryptoware to flood the outgoing network bandwidth both before and after encryption. This would enhance the threat. This attack technique could be especially impactful in large organizations.
Figure 10.4 Next-generation ransomware. (Diagram labels: attacker collects company email addresses; spam; malicious web location; initial ransomware-infected PC; ransomware infects more PCs in the network; it also enlists them into a botnet; data upload; intelligent ransomware with added capabilities; company network; Internet; slowdown.)
10.2.4 Social Engineering Attacks
Social engineering is the art of manipulating people so that they give up their confidential information. The types of information the criminals seek can vary, but when an individual is targeted, the criminals usually try to trick him or her into giving them his or her passwords or bank information, or access to his or her computer to secretly install malicious software [22]. A newer method of social engineering has emerged. The focus of the newer attacks is to perpetrate a hoax that will cause recipients to respond in ways in which they inflict self-damage on their computer systems and then spread this hoax to different recipients. This type of virus hoax is often called “email worm.”
Figure 10.5 depicts a typical social engineering lifecycle. It begins with identifying the victim and investigating his/her background. Research is then undertaken to identify a suitable attack method. During the hook period, the victim is further engaged and the attacker tries to gain full control of the interaction. During play, the attacker executes the attack and disrupts the business. Finally, at exit, the attacker closes the interaction, ideally without arousing suspicion, and removes all traces of malware. The attacker then begins the cycle again to identify the next victim.
The Sulfnbk.exe hoax was a mistake made by a computer user. The investigation of this virus started when someone’s PC was attacked by the Magistr worm. This worm spreads itself through email attachments with executable files.
These types of hoaxes work because the information in them sounds real enough to inspire trust and because the sender is a known person. Those vulnerable to such attacks are individuals who have less knowledge of a computer and its applications. Most people with a desire to be helpful pass on the information without considering its safety.
Only such people, those suffering from what is classified as “false authority syndrome,” fall prey to such attacks. The people suffering from false authority syndrome are those who think that they know about computer viruses and spread false information about them but have no genuine experience.
Social engineering continues to be an increasing attack vector for the propagation of malicious programs. The attack vector is a combination of psychological and technical ploys that includes luring a computer user to execute malware and also combating any existing technical countermeasures [24].
Figure 10.5 Social engineering attack lifecycle. (Diagram stages: Research, Hook, Play, Exit.)
The attackers have moved their bases to countries that have less stringent laws governing mass mailings, i.e., spam. They infect computers in these countries and then use them to send out spam and malware to millions of machines worldwide [25]. As there is a lack of detection and remedy tools, the computers remain infected for long periods of time and are used to spread the malware. Once the malware has spread, it performs two major activities on the infected computers: (1) it combats existing protection mechanisms, and (2) it continues to execute by opening backdoors or installing key loggers.
Social engineering malware has also succeeded in disabling antivirus software and blocking attempts to go to Microsoft’s website for patches for Windows systems. Social engineering is widely used today to spread ransomware. This ransomware is of the intelligent next-gen type.
There are different types of social engineering attacks, such as baiting, scareware, pretexting, and phishing. Table 10.1 shows the differences between these social engineering attacks.
Even though computer systems are becoming more and more secure through better software development and testing, they are easily subverted by hackers using social engineering techniques. Technology and security policies alone cannot avert social engineering attacks; they are useful only if adopted and accepted by people in the organization.
10.2.5 IoT and Artificial Intelligence in Cybercrime
In today’s world, not only do our computers and smartphones provide potential access points for an attacker, but so does other connected infrastructure in our homes and streets; it takes just one weak link to compromise an entire network. The number of IoT devices is set to hit 15 million by 2021, as predicted by the security research firm Juniper [26].
Consumers and businesses are already reaping the benefits of these IoT devices, ranging from wearable healthcare devices that monitor vitals to intelligent heating systems. This wave of connected devices has created an opportunity for cyber criminals. Generally, IoT devices are built with affordability in mind rather than with security in mind. This in turn encourages cyber criminals to penetrate IoT devices and increases the population of legacy devices that remain unpatched and forever vulnerable to attacks.
Automated vehicles are hackable, as your smartphone can be used as a weapon. An estimated 1.3 million people die every year in road accidents, and black hat hackers could use attacks of this kind for political assassinations. Major damage in the case of IoT devices is related to healthcare. Security flaws have been found in cardiac defibrillators, which could be accessed by hackers. Even hospitals are good targets for ransomware, and these types of attacks will increase in the future. Cases have been seen in which hackers hold patient data hostage, directly endangering the lives of patients. One can only imagine what will happen if a hacker gains access to life-sustaining devices like pacemakers. This is a real scenario for which cybersecurity professionals must prepare.
Table 10.1 Comparative Analysis of Social Engineering Attacks
| | Baiting | Scareware | Pretexting | Phishing |
|---|---|---|---|---|
| Definition | It uses false promises to pique victims’ greed or curiosity and steals their personal information or infects their system with malware. | It involves the victim being bombarded with false alarms and fictitious threats. They are deceived into thinking their system is infected with malware and prompted to install software that is itself malware. | Attackers obtain information through a series of cleverly crafted lies. The attacker starts by establishing trust with the victim, then asks the victim questions to gain important personal information. | These are emails and text messages aimed at creating a sense of urgency, curiosity, or fear in victims. It then prods them into revealing sensitive information by clicking on links to malicious websites. |
| Attack vector | Physical media such as a pen drive. | Browser on mobile or desktop. | People who are being lied to. | Email or SMS containing malicious links. |
| Examples | Attackers leave the bait, typically malware-infected flash drives, to be picked up by someone. | Legitimate-looking popup banners in the browser that redirect to a malicious site. | Getting personal information such as social security number and phone records by lying to the victim. | An email sent to the users of an online service alerts them of a policy violation requiring immediate action. |
Machine learning and artificial intelligence (AI) have also seen a vast increase in cyber threats recently. Machine learning is used as a support for cyberattacks. There have been instances where the attacks have coincided with the travel dates of businessmen, which increases the odds of cyberattacks. Malicious machine learning algorithms could be made by cyber criminals to pick targets more precisely and with greater levels of success.
Cyber criminals are working on new techniques for getting through the security of established organizations, gaining access to everything from IP addresses to individual customer information. They can cause damage, disrupt sensitive data, and steal intellectual property. Hackers are executing their attacks in more sophisticated ways which are harder to defeat. It is really difficult for anyone to tell which types of attacks will emerge after 5 or 10 years.
Although organizations spend a hefty amount of money on cybersecurity software and services, the incidence of attacks keeps increasing. With the growth of IoT, more entry points are being created, which in turn will increase the potential for damage. Hackers will use innovative techniques including IoT hacks, ransomware, and AI to launch even more attacks.
10.3 Preventive Measures to Curb Cybercrimes
Protective measures are necessary as these types of security trends keep on increasing. Different trends of cybercrime require different approaches, which are discussed here.
10.3.1 General Measures
Protection against malicious digital files can be achieved by scanning PCs regularly for questionable software. One should not open emails or download attachments from unknown senders or sources. OS updates and patch downloads should be enabled regularly to keep the OS protected against the latest vulnerabilities and exploits.
10.3.2 Defense against Steganography Crimes
The best defense against steganography is to prevent infection in the first place. A strong security practice would be active monitoring of systems and strong access control to your data. Also, updated software, apps, and antiviruses should always be used.
10.3.3 Curbing Malware
Security researchers have designed next-generation analysis techniques that identify and neutralize malware. They block new and unknown threats and also grade the risk of each threat. New malware pieces are dissected constantly to understand how they operate. After dissecting malware, security researchers create an algorithm that can analyze and recognize malicious behavior when it occurs. Every company and individual should know which hardware they are using and whether it comes from trusted sources. Education of users is necessary in preventing malware attacks, as many users do not understand the risks associated with the technology. It is necessary for IT administrators to vet carefully all applications on the network before installing them on trusted devices.
10.3.4 Firewall
A complete network separation should be established between trusted and untrusted devices. Trusted devices should be behind a firewall. IT policy should be kept in mind before performing any major changes in the system. A next-generation firewall software has been released by Forcepoint which adds support for the new cloud-based malware detection service. Every department at the enterprise level should keep its systems up to date with patches without compromising the functionality of a proprietary system. Figure 10.6 depicts next-generation firewalls.
10.3.5 Measures against Ransomware
With ransomware attacks becoming more prevalent, we urge everyone to separate levels of access accurately and use different logins to manage the network’s security. Everyone should know that ransomware only needs one administrator’s credential to spread across the entire network. Network admins should focus on patching as a key proactive security layer. Traffic filtering should be used as an extra security measure against ransomware. More importantly, every user should be educated and be familiar with baseline cybersecurity measures.
Figure 10.6 Next-generation firewall. (Diagram labels: application-based filtering; lower administrative cost; better QoS; easier to identify threats; identifying network traffic by user groups; inspection of SSL/SSH traffic.)
A backup policy should be kept in place, and backups should be conducted on a regular basis. Backups are critical in ransomware recovery and response. Ransomware detection should be integrated in the data-backup technology of every company.
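
One way to integrate ransomware detection into a backup job, as an added example (not code from the chapter or from any backup product): before a new backup set replaces the last one, it flags new or changed files that have high byte entropy and lack their expected format header, and holds the rotation if too many files are affected. The function names, the 7.5 bits-per-byte limit, the 20% threshold and the file sets are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Leading bytes expected for some common formats (a small, partial list).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data):
    """Entropy in bits per byte: close to 8 for ciphertext, lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path, data, limit=7.5):
    """High entropy and, for known file types, a missing format header.

    Compressed formats (zip, jpg, png) are also high entropy, so an intact
    header clears them. The limit is an illustrative assumption.
    """
    ext = "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""
    magic = MAGIC.get(ext)
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= limit

def review_backup(previous, current, max_fraction=0.2):
    """Compare a new backup set (path -> bytes) with the last accepted one.

    "hold" means: keep the previous set as last known-good and raise an alert.
    """
    suspects = []
    for path, data in sorted(current.items()):
        old = previous.get(path)
        if old == data:
            continue  # unchanged since the last backup
        was_encrypted = old is not None and looks_encrypted(path, old)
        if looks_encrypted(path, data) and not was_encrypted:
            suspects.append(path)
    missing = sorted(set(previous) - set(current))  # deleted or renamed files
    fraction = len(suspects) / max(len(current), 1)
    decision = "hold" if fraction >= max_fraction else "accept"
    return {"suspects": suspects, "missing": missing,
            "fraction": fraction, "decision": decision}

def _keystream(seed, size):
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    out, counter = bytearray(), 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])

# Constructed file sets for the demonstration.
TEXT = b"Quarterly invoice totals for the finance team.\n" * 100
LAST_GOOD = {
    "docs/report.pdf": b"%PDF-1.4\n" + TEXT,
    "docs/notes.txt": TEXT,
    "img/logo.png": MAGIC[".png"] + _keystream(b"logo", 4096),
    "db/export.csv": b"id,amount\n" + b"1,100\n" * 500,
}
# A routine night: one edited note and one new archive with an intact header.
ROUTINE = dict(LAST_GOOD)
ROUTINE["docs/notes.txt"] = TEXT + b"One more line.\n"
ROUTINE["archive/old.zip"] = MAGIC[".zip"] + _keystream(b"zip", 4096)
# After an incident: two files overwritten with ciphertext, one renamed.
INCIDENT = {
    "docs/report.pdf": _keystream(b"a", 4096),
    "docs/notes.txt": _keystream(b"b", 4096),
    "img/logo.png": LAST_GOOD["img/logo.png"],
    "db/export.csv.locked": _keystream(b"c", 4096),
}

if __name__ == "__main__":
    print("routine :", review_backup(LAST_GOOD, ROUTINE))
    print("incident:", review_backup(LAST_GOOD, INCIDENT))
```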
10.3.6 Guard against Social Engineering Attacks
Social engineering attacks go hand in hand with ransomware attacks. The key is to recognize the threat. We should always compare the communication received with past experiences and industry standards before giving out any valuable information. Emails should be checked for online social scams. Every company should secure third-party services holding critical parts of its business. IT administrators and security experts should be consulted about countermeasures and the monitoring process. Organizations should protect themselves by blocking suspicious communications with spam filters and by educating end users about security practices. Always keep an eye out for typos, redirected links, and other tricks used to lure innocent and unaware people.
10.3.7 Guard against AI and IoT Attacks
AI is used to perform cybersecurity tasks to stop cybercrime. AI identifies potential threats using machine learning by reviewing data from millions of lines of code every day. AI cybersecurity systems will become a valuable tool for protecting against attacks that use machine learning. More and more people should be educated on the IoT and AI security perspective.
10.4 Conclusion
The cybercrime landscape has grown in parallel with software and emerging technologies like AI and IoT. It adopts new techniques and strategies for targeting industries. The inherent cat-and-mouse game between cyber criminals and security researchers has existed for years with no sign of stopping.
Administrators across all industries need to protect their devices from cybercrimes. They should focus on keeping OSs and security up to date and harden their infrastructure against open vectors of attack. Infrastructure security solutions are evolving with an increase in the threat of data breaches. Network defenders should stay aware of new patches, security advancements, and the state of cybercrime to help them face any new security challenges.
References
1. Kumar, Pramendra, and Vijay Kumar Sharma. Information Security Based on
Steganography & Cryptography Techniques: A Review. International Journal 4, no.
10 pp. 246–250 (2014).
2. Navhind Times. Keeping Cyber Crime in Check: Beware of Steganography.
June 28, 2015 www.navhindtimes.in/keeping-cyber-crime-in-check-beware-of-steg-
anography/.
3. Kevin Lonergan. How Cyber Criminals Are Using Hidden Messages in Image
Files to Infect Your Computer, Information Age. June 27, 2015 www.information-
age.com/how-cyber-criminals-are-using-hidden-messages-image-les-infect-your-
computer-123459881/.
4. John Leyden. Intruder Alert: Cyber ugs Are Using Steganography to Slip
inMalware Badness, e R egister. August 8, 2014 www.theregister.co.uk/2014/08/08/
malware_steganography/.
5. Pierluigi Paganini. Hackers Used Data Exltration Based on Video Steganography,
Security Aairs. November 29, 2014 www.securityaairs.co/wordpress/30624/cyber-
crime/hackers-used-data-exltration-based-video-steganography.html.
6. Mohit Kumar. Hacking Millions with Just an Image, e Hacker News. December
6, 2016 https://thehackernews.com/2016/12/image-exploit-hacking.html.
7. Blue Coat Systems. Defeating Next-Generation Malware with Next-Generation
Analysis. 2014 www.symantec.com/content/dam/symantec/docs/white-papers/next-
gen-malware-analysis-en.pdf.
8. SentinelOne. Critical Features of Next-Generation Endpoint Protection, Part
Two: Dynamic Malware Detection. July 13, 2016 www.sentinelone.com/blog/
critical- features-next-generation-endpoint-protection-part-two-dynamic-malware-
detection/.
9. Ralf Benzmuller. Malware Trends, GDataSoftware. October 4, 2010 www.
gdatasoftware.com/blog/2017/04/29666-malware-trends-2017.
10. JP Buntix. Top 5 Ma lware Trends for Q1, e Merkle. April 1, 2017 https://themerkle.
com/top-5-malware-trends-for-q1–2017.
11. Homeland Security. Malware Trends, ICS-CERT, NCCIC. 2016 https://ics-cert.
us-cert.gov/sites/default/files/documents/NCCIC_ICS-CERT_AAL_Malware_
Trends_Paper_S508C.pdf.
12. WeLiveSecurity. e Year in Security: Trends 2017. January 4, 2017 www.
welivesecurity.com/2017/01/04/year-security-trends-2017/.
13. Kate Cohen, Michael Viscuso. Customer Case Study: Stonewall Kitchen Prevents
a New Trend in Malware with Carbon Black, Carbon Black. July 10, 2017
www.carbonblack.com/2017/07/10/customer-case-study-stonewall-kitchen- prevents-
new-trend-malware-carbon-black/.
14. Virginia Satrom. Forcepoint Advanced Malware Detection to Next Generation
Firewall, Force Point. April 4, 2017 www.forcepoint.com/newsroom/2017/forcepoint-
adds-advanced-malware-detection-next-generation-rewalls-0.
15. Morten Kjaersgaard. Prediction: the Next Generation of Cyber Attacks as
Shaped by the Top 3 Evolutionary Trends, Heimdal Security. August 10, 2016
https://heimdalsecurity.com/blog/prediction-next-generation-cyber-attacks-shaped-
top-3-evolutionary-trends/.
9781138571303_Book.indb 256 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime 257
16. Larry Loeb. An Evolving Threat: Ransomware in 2017, Security Intelligence. 2017 https://securityintelligence.com/an-evolving-threat-ransomware-in-2017/.
17. Jonathan Crowe. Ransomware Trends and Forecasts, Barkly. February, 2017 https://blog.barkly.com/new-ransomware-trends-2017.
18. Tracy Rock. Ransomware Statistics 2016–2017: A Scary Trend in Cyberattacks, Invenio IT. February 27, 2017 http://invenioit.com/security/ransomware-statistics-2016/.
19. Jonathan Barkly. 2017 Trends in Ransomware: 5 Disturbing Predictions, Spiceworks. February 21, 2017 https://community.spiceworks.com/topic/1967355-2017-trends-in-ransomware-5-disturbing-predictions.
20. Bruce Schneier. The Next Ransomware Attack Will be Worse than WannaCry, Schneier on Security. May 16, 2017 www.schneier.com/essays/archives/2017/05/the_next_ransomware_.html.
21. Maria Korolov. Ransomware Took in $1 billion in 2016—Improved Defences May Not Be Enough to Stem the Tide, CSO Online. January 5, 2017 www.csoonline.com/article/3154714/security/ransomware-took-in-1-billion-in-2016-improved-defenses-may-not-be-enough-to-stem-the-tide.html.
22. Shelly A. Waltz. Recent Trends in Social Engineering and Hoaxes—Destroy Yourself, GIAC. 2002 www.giac.org/paper/gsec/2056/trends-social-engineering-hoaxes-destroy/103545.
23. Trend Micro. Ethereum Classic Wallet a Victim of Social Engineering. July 4, 2017 www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ethereum-classic-wallet-a-victim-of-social-engineering.
24. Abraham, Sherly, and InduShobha Chengalur-Smith. An Overview of Social Engineering Malware: Trends, Tactics, and Implications. Technology in Society 32, no. 3 (2010): 183–196.
25. Tamlin Magee. Cybersecurity Trends 2017: Malicious Machine Learning, State-Sponsored Attacks, Ransomware and Malware, Computer World UK. January 2, 2017 www.computerworlduk.com/security/cybersecurity-trends-2017-malicious-machine-learning-state-sponsored-attacks-ransomware-3652298/.
26. Charles McLellan. Cybersecurity in an IoT and Mobile World: The Key Trends. June 1, 2017 www.zdnet.com/article/cybersecurity-in-an-iot-and-mobile-world-the-key-trends/.
27. EY. Cybersecurity and the Internet of Things. 2015 www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf.
28. Ulf Mattsson, David Morris, Mandeep Khera. Trends in IoT Cyber Attacks, Bright Talk. September 13, 2017 www.brighttalk.com/webcast/14723/260163/2017-trends-in-iot-cyber-attacks.
29. Private Tunnel. 6 Malware and Hacking Trends to Watch Out for in 2017. 2017 www.privatetunnel.com/home/6-malware-and-hacking-trends-2017/.
30. AT Kearney. VR, IoT, AI and Hacks: Digital Trends and Themes of 2017. January, 2017 www.atkearney.in/paper/-/asset_publisher/dVxv4Hz2h8bS/content/id/10960083.
... Cybercrime has become a persistent concern in recent years; it can cause significant financial losses, affect individual privacy and security, and threaten national security. Cybercrimes is a general term wherein the computer is either a tool or a target or a medium of communication for carrying out criminal activity [31]. ...
Technical Report
This study explores the potential benefits and challenges of incorporating artificial intelligence (AI) in digital forensics investigations. The rapid growth of digital data has made traditional procedures time-consuming and error-prone. While AI can automate some tasks, ethical and legal issues need to be addressed. The paper provides recommendations for integrating AI in digital forensics operations while respecting moral and ethical principles. It examines digital forensics frameworks, AI use, and legal issues. The principles developed can help experts make the best use of AI, resulting in quicker, more accurate findings and improved offenders detection. Future research should focus on developing AI tools for digital forensics investigations.
... Like any technology, Nginx has vulnerabilities (Fig. 1) that a cyberattacker can exploit to compromise the web application and access sensitive information, and that also make it possible to affect the operating system, the database management system and the hosted web applications [6][7][8]. Vulnerabilities in the Nginx core are resolved through newly released versions, which in turn contain new vulnerabilities yet to be discovered and resolved [9]. Currently, there are two scenarios in which vulnerabilities are the greatest security threat to web servers: ...
Article
1 laguilera@uci.cu, 2 lrchang@uci.cu, 3 henryraul@uci.cu SUMMARY The accelerated evolution of technologies has given rise to increasingly complex attacks on information systems. Web servers are the foundation on which different processes rest, and they also interact directly with the operating system, which makes them an attractive target for cyberattackers. The Nginx web server has become very popular in recent years, which in turn has made it a constant target in the search for vulnerabilities. An analysis of popular open-source web servers revealed significant security holes, despite the obvious efforts of the developer communities, giving rise to unforeseen vulnerabilities that affect users who are not security experts. Achieving adequate assurance in this area requires applying measures and configurations beyond those set by default during an initial deployment. The objective of this research was therefore to organize and apply security-hardening measures through the different configuration mechanisms of the Nginx web server. These measures were introduced in applications available on the Internet in 2018 and were effective in guaranteeing the confidentiality, integrity and availability of information against attacks, risks and threats of all kinds, thereby contributing to the secure computerization process under way in the country. ABSTRACT The notorious evolution of technologies has led to the rising of increasingly complex cybernetic attacks. Web servers are the foundations supporting these technologies, interacting directly, besides, with the operating system which makes them an attractive target for cyber attackers.
The denominated Nginx server has reached recently a great popularity, becoming thus a constant target for the search for vulnerabilities in such a way that analysis of popular open source web servers revealed important security holes, despite the obvious efforts of their developer communities. These vulnerabilities leave both applications and their no expert users in a "security limbo" opened to exploitation, for what it is almost mandatory and necessary, to apply additional measures and configurations to those established by default during an initial deployment. Therefore, the objective of this research was to organize and implement measures to harden security through the different configuration mechanisms for the Nginx web server. These measures were applied in applications available on the Internet in 2018, being effective to guarantee the confidentiality, integrity and availability of information in the face of attacks, risks and threats of all kinds, thus contributing to the secure computerization process that is taking place in the country.
... An attack (intrusion) caused by a cybercriminal should be considered malicious due to highly skilled programming capabilities of cybercriminals [21]. There are several tools that can be used for network monitoring systems that impact attacks on computers, one of which is IDS-based Snort [22]. ...
Chapter
The cloud computing paradigm produces several network access resources, for example storage servers and networking. The vast number of transactions over cloud computing attracts cyber criminals to attack the sensitive credentials of users. Therefore, users feel unsafe storing their data in the cloud, despite remarkable interest in cloud-based computing. Data security is the main issue, since an organization's data provides an alluring target for cyber criminals. This will reduce the development of distributed computing if researchers fail to address these security issues in time. Thus, intrusion detection and prevention systems must be updated with current advancements. In this paper we present an intensive review of the most related work done on IDS/IPS. Furthermore, it shows that IDS/IPS have been under deployment for four decades.
... They charge $120 for monthly subscriptions and $900 for one-year access, which can reach $1900 if the buyer wishes to add more features. Cybercriminals use another way to sell their ransomware by offering the malware and C&C infrastructure for free, but they take a cut of any payment received from victims [4] [28]. There are different services provided by the black market offering access to servers around the globe, using remote desktop protocol (RDP). The prices of these services vary between $8 and $15 per server, and the buyer can search by country, by operating system, or by which payment sites users visited using that server. ...
Conference Paper
The economy of a country is driven in part by the variety of businesses that thrive in it. Competition among these businesses is encouraged as long as they follow specific rules set forth by the governments in which they operate. However, it becomes an entirely different story when the competitors play in a completely different environment and make their own rules. The black market has long provided such an environment but it used to be confined to a particular geographic area, and very few thrived outside of their geographic location, until the Dark Web was introduced. The Dark Web has provided to any black market business of any size to expand their business outside of their geographic location. The black market by itself already influences businesses with whom they share the same geographic location. But the Dark Web expands the black market’s influence to a global scale. This paper first, looks into the influence of Black Market activities on the Dark Web. Then, it presents how both the Black Market and the Dark Web affect on the economy of individual countries and on the world’s economy as a whole.
Article
Cybercrimes have an adverse impact on the reputation and economy of a nation. This paper investigates the factors that affect the frequency of cybercrime originating within a country. These factors were grouped into three categories, namely, economic capital, technological capital, and cybersecurity preparedness. On analyzing the data from 124 countries, it emerges that the economic capital and technological capital of a country are the primary factors that influence the frequency of cybercrime originating within it. Technological capital also partially mediates the relationship between economic capital and the frequency of cybercrime originating within the nation. Furthermore, the cybersecurity preparedness of a nation negatively moderates the relationship between technological capital and frequency of cybercrime originating within it. The findings have significant implications for policymakers at the national level and managers at the organizational level concerning cybersecurity preparedness. They should focus on both hard (legal, technical, organizational) and soft (training and co-operational) aspects of cybersecurity preparation to minimize the incidence of cybercrime within a nation.
Chapter
This chapter sets out why we should think about criminological risks as stemming from the configuration of technology, economic and social organisation, and cultural identity. ‘Cyber’ implies a set of rules and spaces separate from the real. A digital perspective shows how embedded the internet infrastructure is with day-to-day life and other systems. This means that costs and risks of crime are distributed more widely throughout society. Work is increasingly distributed through digital platforms designed for the purpose or repurposed from other platforms. This creates opportunities for new forms of work and reward, and risks of exploitation and misuse.
Article
Over the past few decades, with the advancement of communication technology, the use of the internet to exchange information without any distance barrier has grown extremely. However, although such networks are most popular as a fast and easy way to exchange information over long distances, message transmissions over the Internet still face all kinds of security problems. Therefore the applications of the cyber world need a high level of safeguard for expensive data, which has produced explosive growth in the field of information hiding. In recent years, a lot of research has taken place to trim down the security issues by contributing various approaches, but different terrains pose separate challenges. In this context, this paper presents the investigation of two popular security mechanisms, namely cryptography and steganography. I. INTRODUCTION In any communication, security is the most important task. The advancement of technology and the wide use of the World Wide Web for communication increase the challenges of security. The challenges can be managed with the advanced technologies of secure networks, but these technologies may not always be reliable for communicating secret information over a long distance, which produces a need for additional security mechanisms to secure secret information. In this context, two techniques have been used widely to provide security: Cryptography and Steganography. Cryptography is used to scramble the information and deals with changing the meaning and appearance of a message. It changes the plain text into cipher text by the process of encryption, and uses mathematical techniques and various algorithms, such as public key cryptography, private key or symmetric and asymmetric algorithms, for securing the information.
However, cryptography provides secure solutions to a set of parties by encrypting plain text into cipher text, but the cyber attacker easily arouse these text and intercepts the communication between two separate users to modify, inject, or drop any communication packet. To improve on these limitations and to reduce the issues of cryptographic methods, an alternative mechanism, steganography, has been used widely. Generally the concepts of this technique differ from cryptography: where the cryptography method converts the information into an encrypted form that an eavesdropper cannot understand, the steganography technique embeds hidden content in unremarkable cover media so as not to arouse an eavesdropper's suspicion. In some cases, sending encrypted information may draw attention, while invisible information will not. However, both cryptography and steganography provide security, but no standalone technique is enough to secure information efficiently, and different security categories have different requirements and problems.
Article
Social engineering continues to be an increasing attack vector for the propagation of malicious programs. For this article, we collected data on malware incidents and highlighted the prevalence and longevity of social engineering malware. We developed a framework that shows the steps social engineering malware executes to be successful. To explain its pervasiveness and persistence, we discuss some common avenues through which such attacks occur. The attack vector is a combination of psychological and technical ploys, which includes luring a computer user to execute the malware, and combating any existing technical countermeasures. We describe some of the prevalent psychological ploys and technical countermeasures used by social engineering malware. We show how the techniques used by purveyors of such malware have evolved to circumvent existing countermeasures. The implications of our analyses lead us to emphasize (1) the importance for organizations to plan a comprehensive information security program, and (2) the shared social responsibility required to combat social engineering malware.