Cybercrime – what’s at stake?

Home / News / Cybercrime – what’s at stake?

Cybercriminals use malware for many reasons, the most important being:

  1. Identity theft by tricking a target into providing personal data
  2. Stealing financial and credit card data
  3. Take complete control over several computers to launch DDoS attacks
  4. Infecting computers and use them as bitcoin and other cryptocurrencies mining devices.

The Cybercriminal market gives many ways to earn money. With technology becoming widespread,
traditional offline crimes tend to shift into online spaces. Cybercriminals include both buyers and sellers.
They gather to perform transactions of data. Products divide into three broad categories:

  1. Stolen data:
    a. Stolen credit card data
    b. Stolen bank accounts
    c. Online payment accounts
    d. Other personal credentials (IDs, passwords)
  2. Cybercriminal tools:
    a. Malicious software
    b. Hacking tools
    c. Botnets
    d. Phishing kits
  3. Cybercriminal services:
    a. Cash-out services
    b. Consulting services

Cybercriminal sellers’ way to do criminal business is to advertise products on the different web forums
and Internet Chat Relay (ICR). Both buyers and sellers complete transactions by use of communication
methods that provide them privacy. Communication channels are often private messaging apps or direct
messaging features. Money exchange is done by using several well-known methods. Established trust in
buyers/sellers relationship is crucial in this industry.

What are the losses to our Clients?

We generally can divide them into direct and indirect losses. Direct costs are businesses out of pocket
expenses for cleaning up after a ransomware attack, repairing damaged networks and elements, but not
just in money. There are also other costs and consequences. There are also costs and losses suffered by
infrastructure, users and operations affected by the attack.

Direct costs calculation includes loss of services, loss of time, loss in equipment, loss in production,
personal information losses and others such as:

  • Ongoing recruiting
  • Operational disruption that includes replacement or upgrading of damaged equipment but also reserve parts
  • Organisation and business continuity plan
  • Agreements included IT security service
  • Security information and event management, access control procedures
  • Disruption of business income
  • Additional insurance charges
  • Losses in intellectual property
  • Costs of recovery process
  • Risk assessment costs
  • Damage to trade name costs
  • Loss of customer relationships/contacts
  • Loss of life/health
  • Loses from disruption to internal sites and webpages
  • IT specialists and external contractors for bringing back all systems to full functionality
  • Legal complaints and privacy violation issues,
  • Security product licence fees

On the other hand indirect costs are more connected to the economic concept of negative external
impact and are third party consequences. Third parties are not directly victims of the attack, and
they are not responsible for support. Indirect costs include:

  • A decline in future revenues
  • Insurance
  • Market breakdown due to attack may also strike cyber security stipulations, which have aconsequent economical influence
  • Attack related government activities
  • Productivity losses
  • Privacy trauma and privacy preservation in the future
  • The recovery process,
  • Increased cyber-security investments (installing additional cyber security technologies and procedures/policies)
  • Hiring cyber-security experts and adding externals audits
  • Reduced foreign investing in the region which had experienced cyber-attack
  • Losses in stock market

As everyone knows, the pandemic COVID19 made 2020-2022 successful years for ransomware attacks.
Remote work vulnerabilities are on the rise with 70% of organizations expect at least a third of remote
workers will remain remote in the next year. Remote working introduced new risks, and 73% of high-
level executives are concerned that the distributed workforce has introduced new vulnerabilities and
increased exposures. Additionally, in the last years, the “data leak trend” has become more often used
and explored. Advanced malicious software represents a severe threat to the computer systems owned
by companies, society and in private. Improved machine learning techniques allow malware creators to
create thousands of new malware versions daily. Human error will remain the weak link, and
cybercriminals will continue to take advantage of that weakness.

Related articles

Welcoming DORA… another star on the stage of compliance!
Most commonly used in phishing attacks...
Please be advised that our website is using cookies for marketing, statistical and functional reasons. In order to optimize the content on our website and to adapt them to your individual needs, we use informations saved using cookies on users’ end devices. Cookies can be controlled by the user through the settings of their web browser. By contiuning to use our website without changing your web browser settings, you are accepting the use of cookies.
I accept More info