See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/331010726

Literature review on Cyber Crimes and its Prevention Mechanisms

Technical Report · February 2019


DOI: 10.13140/RG.2.2.16573.51684

1 author:

Annamalai Lakshmanan
Universiti Sains Malaysia

All content following this page was uploaded by Annamalai Lakshmanan on 11 February 2019.

Literature review on Cyber Crimes and its Prevention Mechanisms
Annamalai Lakshmanan
National Advanced IPv6 Centre
Universiti Sains Malaysia,
Penang, Malaysia
annamalai_123@student.usm.my

Abstract— Cybercrime is defined as criminal activity carried out using digital devices such as computers over the internet. Basically, a crime committed using the internet is called a cyber-crime. Nowadays information is wealth, and cyber-attacks are carried out to earn money illegally: data is stolen from servers, or money is stolen directly. This paper describes cyber threats that have occurred around the world until now and their prevention mechanisms. Cyber threat predictions for the upcoming year and a cyber threat analysis for January 2019 are discussed in the final section.

Keywords— Cyber Crimes, malware, cyber-security, cyber banking, cyber-attacks, cyber security - Internet, Mail, Removable devices, Network folders, Phishing, Cyber-crimes in India, Information Technology Act – 2000, Intelligence, DDoS, Mitigation techniques.

I. INTRODUCTION

Cyber-crime has been reported as one of the top four economic crimes perceived by all organizations [1]. According to an ASSOCHAM report, the number of cyber-crimes committed all over the world to earn money illegally will reach a higher level. Statistics from the surveys show that cyber-crime has been increasing at an alarming rate all over the world. What is cybercrime? Webopedia defines cybercrime as "any criminal act dealing with computers and networks (called hacking)" [2]. Cybercrime is a range of illegal digital activities targeted at organizations in order to cause harm [3]. The simplest possible definition, given by the Norton company, is "Cybercrime is simply a crime that has some kind of computer or cyber aspect to it" [4]. According to Norton, someone's identity is stolen every 3 seconds as a result of cybercrime. Cyber-crimes do not respect any boundaries or territorial barriers. Making the cyber world safer is the major concern of all stakeholders. In this regard, every country will have its own cyber law or internet law to control cybercrime within its borders. The Indian government has also framed such a law, called the Information Technology Act, 2000 [5]. This act provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, and applies to the whole of India. The top five crime heads [5], in decreasing order, are as follows:
• Loss or damage to computer resource or utility
• Obscene publication/transmission in electronic form
• Hacking
• Tampering with computer source documents
• Breach of confidentiality or privacy

This paper gives an overview of cybercrimes registered and persons arrested on cybercrime charges. It also describes prevention techniques for some of the cyber-crimes that have occurred until now. The final section discusses a cyber threat analysis and predictions for the upcoming year.

II. CYBER CRIMES CASE STUDIES

Below is a list of cyber-crimes that have occurred around the world, with full descriptions.

1. Threat to cyber banking in South Africa [6]

Most banks in South Africa use mainframe computers to process their customers' data. The reason is that a mainframe can perform large-scale data processing in a self-contained structure instead of having individual computers process small chunks of data. Another advantage of mainframe computers is that they offer virtualization, which allows the creation of multiple logical computers within a single mainframe to work together. Mainframe computers are most often larger than servers because of the redundancy in their design and components, which allows for high availability as well as scalability. Some components of a mainframe, such as disks and interface adapters, can be replaced or upgraded without the server being shut down. The challenges that banks face when it comes to cyber security are as follows:
• The downtime of systems
• Protection of customers' information
• Maintenance of reputation in the industry
• Protection of critical infrastructure

Cyber criminals often exploit less developed countries due to weak security controls and then use these exploitations to target more developed countries to gain access to big multinational companies. If the cyber banking security is compromised, the cyber security of the entire country could be
compromised, thus leading to some serious breaches [6]. Check Point, a security firm, recently portrayed South Africa as one of the countries most targeted by cyber criminals in January 2016. According to its Threat Cloud Map of the countries most targeted by cyber criminals in January 2016, South Africa jumped from position 67 to position 22 [6]. According to Check Point, phishing attacks targeting video-on-demand users have increased; these users are often tricked into passing on their logon credentials under the pretence that their accounts need to be updated. These phishing attacks are often delivered by spam emails with attachments that install malware on the user's computer system. Malware includes viruses, worms, or any other exploitation software. Modern malware seeks to copy data from one location to another in order to gain access to protected resources or information.

According to the Symantec Intelligence Report of February 2014, South Africa recorded the highest rate of phishing attacks in February 2014, with 1 in every 668 emails identified as a possible phishing scam. Also, 1 in every 2 of all South African emails was identified as spam [6]. South Africa was ranked 7th in the top 10 sources of phishing, and geographically South Africa was ranked 1st in the top 5 phishing destinations. The RSA Anti-Phishing Service recorded a total of 1942 new phishing attacks in South Africa, with a net potential loss of about $6,828,072, between January and June 2012.

Fig 1. The Microsoft Security Intelligence of 2014 – South Africa

The Microsoft Security Intelligence Report indicates that the most common category of malware was worms, and about 8.3% of computers in South Africa were affected in the 4th quarter of 2014. This was a drop from 10.2% in the 3rd quarter of 2014 [6]. The second and third most common malware in South Africa were Trojans and Obfuscators & Injectors respectively. These dropped to 3.4% from 4.9% and to 2.3% from 2.7% respectively. Potentially unwanted software was second on the list of the most common categories. This category affected about 30% of all computers that were cleaned. Adware came third on the list, affecting about 19% of all the computers that were cleaned in South Africa, as shown in figure 1. The South African government has also passed legislation, policies, acts and regulations to help combat the surge of cybercrimes.

PREVENTION MECHANISM – [6] proposed a system that would utilize an authentication/authorization mechanism and a firewall to provide boundary security that would defend the banking space periphery. The firewall would be configured to filter network traffic based on the information in the packet header. This information is defined and managed by the policy manager.

2. Stealing of Credit and Debit Card Information [7]

In 2007, three men were indicted for hacking into cash register machines at Dave & Buster's restaurant locations in the US and stealing data from thousands of credit and debit cards. That data was later sold and caused more than $600,000 in losses. One man from Ukraine and another from Estonia hacked into cash register machines at 11 Dave & Buster's locations and installed "sniffer" programs to steal payment data as it was being transmitted from the point-of-sale terminals to the company's corporate offices. Later the same men were charged with a similar breach at TJ Maxx. Some analysts estimated the losses at TJ Maxx at more than USD $1 billion [7]. An inspector with the U.S. Postal Inspection Service alleged that one of the three men was a major reseller of stolen credentials [7]. Notably, all three men were arrested while visiting two countries that actively co-operate with US law enforcement, Turkey and Germany, and not at home in Eastern Europe.

3. Blue Security DDoS Attacks [7]

In 2006, Blue Security was an anti-spam company based in Israel and California. It had an original idea to stop spam: it would send spammers a request to stop sending spam each time they sent spam to its customers. This caused a lot of problems for the spammers, who found they had serious capacity issues with Blue Security sending these messages on behalf of more than 500,000 customers. While this virtual vigilante system of spamming the spammers was controversial, it was apparently quite legal. The response from the spammers was a DDoS attack. Blue Security responded effectively at first, but over time the attack grew in size and sophistication, and Blue Security had to turn to others for support. When Blue Security obtained Prolexic DDoS protection, which washed its traffic, the spammers merely turned their DDoS on Prolexic's DNS, which shut down Prolexic and many of the customers who used its service. The result was that Blue Security had to go it alone. Shortly after, and as a result, the CEO decided to shut the company down [7].

4. National Australia Bank and Westpac Bank DDoS Attacks [7]

While the Blue Security DDoS attacks would appear to have little nexus to Australia, DDoS as a tool of retribution has been seen in Australia a number of times. In October 2006, National Australia Bank (NAB) suffered a DDoS attack. Information from law enforcement officials indicated that the attacks were from Russia. Then in September 2007, Westpac Bank suffered an attack with similar traffic patterns, not long after its new cybercrime response team was established and operating against phishing attacks [7].

5. SIM Swap Fraud [8]:

In August 2018, two men from Mumbai were arrested for cybercrime. They were involved in fraudulent money transfers from the bank accounts of numerous individuals, carried out by obtaining the victims' SIM card information through illegal means. The fraudsters obtained people's details and later blocked their SIM cards with the help of fake documents, after which they carried out transactions through online banking. They were accused of effectively transferring 4 crore Indian rupees from various accounts. They even tried to hack the accounts of a couple of companies. In this fraud, the fraudsters get customers' information, such as phone number, name, ID proof and so on, from an organization or from public domains. They then obtain a 4G SIM card from the telecom company by producing the required information of a customer who uses a 3G SIM card, along with the customer's phone number. They call the customer, posing as a customer service executive, give the 20-digit number written on the back of the 4G SIM card, and ask the customer to key it in to activate the 4G SIM card easily. When the customer does that, the 3G SIM card is deactivated and the 4G SIM card is activated. But the 4G SIM card is still with the fraudsters, who use it to perform bank transactions and receive OTPs.

PREVENTION MECHANISM – [8] Not sharing personal information with unknown applications and domains helps minimize the risk of that information reaching people with malicious intent. Fraudsters use the victim's information in various scams and trick them into fraudulent activities. It is therefore advisable to verify the authenticity of any site where an individual enters banking or other details, as scammers use fake sites to get the information directly from prospective victims. Also, customers should activate a SIM card only if the SIM card is physically with them.

6. Cyber Attack on Cosmos Bank [8]:

A daring cyber-attack was carried out in August 2018 on Cosmos Bank's Pune branch, in which nearly 94 crore rupees were siphoned off. Hackers wiped out money and transferred it to a bank situated in Hong Kong by hacking the server of Cosmos Bank. Cosmos Bank filed a case with the Pune cyber cell over the cyber-attack. The hackers broke into the bank's ATM server and stole the details of many Visa and RuPay debit card owners. The attack was not on the centralized banking solution of Cosmos Bank. The balances and total account statistics remained unchanged, and there was no effect on the holders' bank accounts. What was attacked was the switching system, which acts as an interacting module between the payment gateways and the bank's centralized banking solution. The malware attack on the switching system raised numerous false messages confirming various payment demands on Visa and RuPay debit cards internationally. There were 14,000 transactions in total, with over 450 cards, across 28 countries. At the national level, it was done through 400 cards and involved 2,800 transactions. This was the first malware attack in India against a switching system, and it broke the communication between the payment gateway and the bank.

PREVENTION MECHANISM – [8] Hardening the security systems by limiting their functions and performance to authorized people only can be the way forward. Any unauthorized access to the network should immediately set off an alarm to block all access to the bank's network. Also, to minimize risk, enabling two-factor authentication might help. Through testing, potential vulnerabilities can be fished out, making the entire digital part of the banking system safe.

7. ATM System Hacked in Kolkata [8]:

In July 2018, fraudsters hacked into Canara Bank ATM servers and wiped off almost 20 lakh rupees from different bank accounts. There were over 50 victims, and it was believed that the fraudsters held the account details of more than 300 ATM users across India. The hackers used skimming devices on ATMs to steal the information of debit card holders and made transactions of a minimum of INR 10,000 and a maximum of INR 40,000 per account. On 5 August 2018, two men were arrested in New Delhi who were working with an international gang that uses skimming to extract bank account details.

PREVENTION MECHANISM – [8] Enhancing the security features of ATMs and ATM monitoring systems can prevent any misuse of data. Another way to prevent the fraudulent activity is to minimize the risk of skimming by using lockbox services to receive and transfer money safely. This uses an encrypted code, which is safer than any other payments.

8. Hacking the Websites [8]:

Over 22,000 websites were hacked between April 2017 and January 2018. According to information presented by the Indian Computer Emergency Response Team, over 493 websites were affected by malware propagation, including 114 websites run by the government. The attacks were intended to gather information about the services and details of the users in their network.

PREVENTION MECHANISM – [8] Using a more secure firewall for the network and servers, one that can block any unauthorized access from outside the network, is perhaps the best idea. Personal information of individuals is critical for users and cannot be allowed to be tapped into by criminals. Thus, monitoring and introducing a proper network, including a firewall and security system, may help in minimizing the risk of getting hacked.

These are the most common cyber-crimes that have occurred all over the world until now. In the upcoming section, a short review taking a closer look at the "Web of Profit" built on this cybercrime is discussed.

III. WEB OF PROFIT

As said by Nohe, P. (2018) [9], cybercrime has evolved into an entire economy rife with professionalization and filled with parallels to legitimate industries. In 2016, the US Federal Bureau of Investigation estimated that ransomware payments would reach $1 billion. Two years later that shows no signs of
slowing down. Here's a sampling of some of the highest-profile ransomware from the past five years, as well as how much money it made.

Fig 2. Ransomware with profits table

As said by Nohe, P. (2018) [9], the theoretical annual revenues achieved by cybercrimes are shown below in the form of a table listing the types of cybercrime.

Fig 3. Types of cybercrimes with its annual revenue

One of the most interesting aspects of the current cybercrime economy is the way it's stratified, with large operations functioning almost as multi-national corporations and smaller operations mirroring single proprietor small businesses. Large cybercrime operations can make profits totaling over $1 billion per year, while smaller operations tend to make between $30k-$50k. For an individual with the right skillset, cybercrime can be incredibly lucrative. An individual cybercriminal can make upwards of half a million dollars in a year simply by trafficking in stolen data. Like real criminality, cyber criminals can generally be broken down into levels. Not every hacker is exceptional. Some, like low-level criminals, are content to execute petty crimes that don't pay all that well. Others are highly specialized and only work when the money is good.

In general, cybercriminals earn about 10-15% more than their counterparts in traditional crime, with high earners taking home upwards of $167k per month, middle earners in the $75k range and low earners making 3.5k per month. Also, while a talented hacker can make somewhere near $30k on a job or two, a platform manager offering multiple card data forums can earn up to $2 million per month.

MAJOR DATA BREACHES:

Below are the major data breaches that have happened, in which millions and millions of users' data have been stolen and sold for huge profits. Cybercriminals want data, and they know where to look for it and take it.

COMPANY NAME       YEAR HELD      NO. OF USERS COMPROMISED
Yahoo              2013 - 2014    3 billion
Under Armour       2018           150 million
eBay               2014           145 million
Equifax            2017           143 million
Facebook           2018           87 million
JPMorganChase      2014           76 million
PlayStation        2011           77 million
Uber               2016           57.6 million
The Home Depot     2016           56 million

Table 1. Company Name and No. of users compromised with year happened

As said by Nohe, P. (2018) [9], the Dutch police shut down the world's largest DDoS-for-hire service, "webstressor.org", and arrested six people behind it. The site had over 136,000 registered users and allowed customers with little or no technical knowledge to launch a Distributed Denial of Service attack for about £10. The service was responsible for attacking seven of the UK's biggest banks in November of 2017, in addition to various government institutions and gaming services. So, based on these values and data, cybercrime will not be stopped and will continue to increase. In the upcoming section, the threat analysis for the recent period is discussed.

IV. THREAT ANALYSIS IN THE RECENT PERIOD

According to the Kaspersky Lab analysis [10] of threat sources for January 2019, the percentage of users attacked from the internet is 12.80%, from removable devices 3.17%, from mail 3.15% and from network folders 0.30%.

Fig 4. Threat sources vs % of attacked users

For industrial computers, the most attacked countries, with the highest percentages for January 2019, are Algeria, Morocco, Egypt, Vietnam and Indonesia. The total percentage of industrial computers attacked in January 2019 is roughly 22.3%. The graph of threat sources and percentage of industrial computers attacked in January 2019 is shown below.

Fig 5. Top Countries by % of industrial computers attacked

The percentage of attacked users by malware platform is shown below. The most used malware platforms are Visual Basic Script, .NET Framework, JavaScript, PDF and AutoCAD. The graph below shows this clearly:

Fig 6. Malware platforms vs % of attacked users

V. CONCLUSION

Thus, cybercrime activity will keep increasing in the coming days and will not be stopped. A better approach to stopping this cybercrime is to build a powerful system comprising a powerful firewall, IDS and SDN controller, with maintenance done periodically. Also, the protection of customers' data should be given higher priority, and the data should be kept confidential with high privacy. The conclusion of this literature review is that data is very important nowadays, as it can be used to earn huge amounts of money.

VI. REFERENCES

[1] PricewaterhouseCoopers (PwC), "Economic Crime Survey India Report", 2011.
[2] Vangie Beal, "definition of Cyber-crime". Retrieved 24th October 2015, http://www.webopedia.com/TERM/C/cyber_crime.html
[3] KPMG in India, Cybercrime survey report, 2014.
[4] Norton, "cybercrime definition". Retrieved 24th October 2015, http://us.norton.com/cybercrime-definition.
[5] Kumar, P. N. V. (2016). Growing cybercrimes in India: A survey. Proceedings of 2016 International Conference on Data Mining and Advanced Computing, SAPIENCE 2016, 246–251. https://doi.org/10.1109/SAPIENCE.2016.7684146
[6] Mbelli, T. M., & Dwolatzky, B. (2016). Cyber Security, a Threat to Cyber Banking in South Africa: An Approach to Network and Application Security. Proceedings - 3rd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2016 and 2nd IEEE International Conference of Scalable and Smart Cloud, SSC 2016, 1–6. https://doi.org/10.1109/CSCloud.2016.18
[7] Yu, H., Hou, S., & Lang, L. (2018). The Exploration of Historical Blocks' Protection and Renovation Based on the Theory of City Image. Current Urban Studies, 06(03), 425–432. https://doi.org/10.4236/cus.2018.63023
[8] Testbytes.net. (2018). Major Cyber Attacks on India (2018) - Testbytes. Retrieved August 23, 2018, from https://www.testbytes.net/blog/cyber-attacks-on-india-2018/
[9] Nohe, P. (2018). 2018 Cybercrime Statistics: A closer look at the Web of Profit. Retrieved from https://www.thesslstore.com/blog/2018-cybercrime-statistics/
[10] CERT, K. L. I. (2019). Kaspersky Lab ICS CERT | Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team. Retrieved September 20, 2001, from https://ics-cert.kaspersky.com/
