Tools and Methods used in Cybercrime

Chapter 3: Tools and Methods used in Cybercrime

3.1 Introduction

• Different forms of attacks targeting computer systems:

  • Initial uncovering

    • Reconnaissance: Gathering information about the target from internet websites.

    • Finding internal network information: Internet domain, machine names, and IP address ranges.

  • Network probe (Investigation):

    • Using invasive techniques to scan information.

    • Ping sweep of network IP addresses.

    • Port scanning to discover running services.

    • Activity not yet considered abnormal or an intrusion.

  • Crossing the line toward E-crime:

    • Exploiting holes in the target system.

    • Gaining access to a user account.

    • Attempting further exploits to get administrator "root access".

    • Root access:System privileges required to run all services and access all files.

  • Capturing the network:

    • Gaining control of the internal network.

    • Installing tools that replace existing files and services with Trojan files and services having a backdoor password.

  • Grab the data:

    • Stealing confidential data, customer credit card information.

    • Defacing webpages, altering processes.

    • Launching attacks at other sites from the compromised network.

  • Covering tracks:

    • Activities to extend misuse of the system without detection.

    • Taking care to hide identity from the first step.

Scareware, Malvertising, Clickjacking, and Ransomware

• Scareware:

  • Scam software with malicious payloads or limited/no benefit.

  • Sold to consumers via unethical marketing practices.

  • Uses social engineering and causes anxiety or perception of a threat.

  • Example: Pop-up messages claiming to create a false sense of urgency, often trick users into downloading harmful software that compromises their data security.

that the user's device is infected with malware, prompting them to download malicious software or call a scam hotline for assistance