Cyber extortion research #1
docx
keyboard_arrow_up
School
Centennial College *
*We aren’t endorsed by this school
Course
190
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
7
Uploaded by BarristerButterfly3397
1.
Introduction and definition of cyber extortion
Cyber extortion is a digital crime in which cybercriminals exploit security weaknesses to gain
access to digital systems and gain unauthorized access to valuable data. This data can range from
confidential information and intellectual property to financial currency and critical infrastructure
systems.
Once they obtain these information, cybercriminals demand a ransom from their victims. These
individuals find themselves in a delicate situation where they are forced to pay to prevent
disclosure, alteration, or destruction of their assets, or as a means to regain legitimate possession.
Two forms of cyber extortion are predominant: ransomware and distributed denial-of-service
(DDoS) attacks. Ransomware is a malicious program that encodes the victim's data, making it
inaccessible until a ransom is paid. DDoS attacks, on the other hand, flood a victim's network,
service, or system with Internet traffic, provoking a shutdown. The attackers then demand a
ransom to stop the attack.
Cyber extortion causes significant financial and reputational damage to its victims, leading
organizations, and individuals to implement cybersecurity policies and measures to mitigate this
growing threat.
Although the definition of cyberextortion often overlaps with other types of cyberattack, as
previously mentioned, it is important to break-down in more detail how it works, how it presents
itself, and how to prevent it.
2.
History of cyber extortion
Cybercrime has grown considerably in the last decade, becoming a $1.5 trillion industry with
organized structures that emulate legitimate companies. Some offer technical guidance and
customer support for ransomware services, and even use pop-up ads to sell their illicit products.
Despite its recent surge, cybercrime isn't a new threat; it dates back centuries. The first cyber
attack occurred in 1834 in France, where attackers accessed the telegraph system to steal
financial market information. Since then, cybercrime has evolved with changing tactics and
procedures, increasing in the mid-20th century with the digital revolution.
The beginnings… 1960-1980s
The modern history of cybercrime began in 1962 when Allen Scherr started a cyber attack on MIT's computer networks. Later milestones include the creation of the first computer virus in 1971 and the first person convicted of cybercrime in 1981 for hacking into AT&T's systems. The 1988 "Morris Worm" marked the first major internet cyber attack.
The 1990s
In the 1990s, when the Internet connected people around the world, cybercrime skyrocketed as the rapid development of technology overwhelmed security controls. Notable incidents included attacks on the Air Force's Rome Laboratory, attempted bank robbery through hacking, and the widespread impact of the Melissa Virus in 1999.
2000-2010
The 2000s saw escalated cybercrime with advanced attacks and the rise of state-sponsored threats. Notable incidents included DDoS attacks, data leaks, and breaches compromising millions of users. The 2010s saw a surge in cybercrime, with major incidents like the Stuxnet worm, Zeus Trojan stealing millions, and high-profile breaches at Sony, Target, and Nokia.
2020-Present
From 2020 to the present, cybercrime continued to escalate with data breaches, ransomware attacks, and exploitation of vulnerabilities. Notable incidents include the SolarWinds compromise, Colonial Pipeline ransomware attack, and disruptions to organizations like Kaseya, Log4j, Costa Rica's social security agency, and Rockstar Games.
WHAT’S NEXT…
As cybercrime evolves, threat actors adopt advanced technologies, including machine learning and Artificial Intelligence, reflecting cybersecurity efforts. The rise of ransomware-as-a-service involves collaborative attacks, emphasizing the need for multifaceted defenses. The future of cybercrime is still uncertain, requiring vigilance and comprehensive cybersecurity strategies from both individuals and organizations.
3.
Common types of cyber extortion
Different forms of cyberextortion
Cyber extortion manifests itself in diverse ways, each with its own methods and consequences. Recognizing these common types not only helps individuals and organizations find potential threats, but also enables the development of effective ways to respond to them.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
a.
Ransomware attacks
In a ransomware incident, cybercriminals hack into a network and lock the victim's data by encrypting it, making it inaccessible. They then demand payment, often in impossible to trace cryptocurrencies, in exchange for the decryption key.
b.
Distributed Denial of Service (DDoS) extortion.
This type of cyber extortion consists of flooding a victim's website or network with excessive Internet traffic, causing a shutdown. The hacker then asks for a payment to stop the attack.
c.
Extortion by doxing
In doxing situations, cybercriminals obtain sensitive or embarrassing information about a victim and threaten to expose it unless a ransom is paid. This method takes advantage of the potential damage to victims' reputations to persuade them to agree to the extortionists' demands.
d.
Data Breach Extortion
Like doxing, extortion by data breach involves the unauthorized access and the leak of confidential data, but usually on a much larger scale, often involving companies or big organizations. Attackers threaten to disclose or sell the information stolen if a ransom is not paid.
This data may include private business information, customer data or other confidential information.
e.
Sexual cyberextortion (sextortion)
In cases of "sextortion", offenders trick victims into providing them with explicit photos or videos, or they may also hack into the victim's device to obtain these materials. They then threaten to demand money by threatening to share the explicit content with the contacts of the victim or on the Internet.
f.
Software vulnerability extortion
In this scenario, cybercriminals identify vulnerabilities in a company's software and demand a ransom to avoid exposing the weakness. They use the potential damage from other malicious actors exploiting the vulnerability to extort money from the victim.
Final:
Each type of cyberextortion uses different tactics and targets, demanding specific prevention and mitigation measures. However, they all have a common goal: to exploit access, control or information to force victims to pay a ransom.
FINAL SLIDE
Distinguishing between cyberextortion and ransomware
The terms "cyberextortion" and "ransomware" are often used interchangeably in the cybersecurity field, but it is essential to recognize that they are not synonymous.
Cyber extortion is an overall category that includes several methods of digital extortion. Perpetrators demand a ransom from victims to prevent damage or disruption, which may include threats of data leakage, system downtime or exposure of sensitive information. Cyber extortion methods include ransomware attacks, DDoS attacks, doxing and sextortion, among others.
Ransomware, meanwhile, is a specific type of malware and a specific form of cyber extortion. In
a ransomware attack, malicious software is introduced into the victim's system, often through phishing or by exploiting vulnerabilities. This malware encrypts the victim's data, making it inaccessible. The attackers then offer a decryption key in exchange for payment, allowing the victim to regain access to their data.
In summary, ransomware is a tool or technique that is used by cybercriminals and represents one of several strategies within the wider category of cyberextortion. Although all ransomware attacks fall under the category of cyber extortion, not all incidents of cyber extortion involve ransomware.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
(BlueVoyant, 2022)Bibliography
Arctic Wolf Networks Inc. (2022, November 16). A Brief History of Cybercrime
. Retrieved from https://arcticwolf.com/resources/blog/decade-of-cybercrime/
BlueVoyant. (2022). Cybercrime: History, Global Impact & Protective Measures
. Retrieved from https://www.bluevoyant.com/knowledge-center/cybercrime-history-global-impact-protective-
measures-2022
Proofpoint Inc. (2023). What Is Cyber Extortion?
Retrieved from https://www.proofpoint.com/us/threat-
reference/cyber-extortion
Yasar, K. (2023). Threats and vulnerabilities
. Retrieved from Cyber Extortion: https://www.techtarget.com/searchsecurity/definition/cyberextortion