September 22, 2023

Digital Delinquents: 5 Real-World Cybercrime Examples

Let’s explore what cybercrime is, the types of cybercrime, a few more world examples, and how to avoid it.

According to updated statistics for 2023, approximately 300,000 new malware appear every day. I personally run across phishing emails nearly once every few days…it’s not fun.

The world of cybercrime is growing with no end in sight. So it’s important to keep your company up to date on current cybersecurity trends and practices.

In August 2023 alone, 73 publicly disclosed security breaches occurred worldwide. These breaches in total accounted for 79,729,271 records and affected some big organizations.

So far, according to the same source, in 2023 767 announced security breaches occurred. This includes one of the largest security breaches of the year, Twitter (now called X) with 220 million breached records.

Now that I’ve got your attention let’s explore what cybercrime is, the types of cybercrime, a few more world examples, and how to avoid it.

What is Cybercrime?

When talking about cybercrime and hackers, I’m sure you already have a specific image in your mind. Some shady person in front of a glowing computer screen, typing in pages of code while laughing maniacally… or maybe that’s just what pops into my head. Anyway, most of us who have a computer have at least heard of this growing threat.

Cybercrime is a criminal activity which targets the following:

  • Computer
  • Computer Network
  • Network Device

A cybercriminal will often use a computer to gain access to someone’s personal information, organization/government information, or to disable a device. The incentive for cybercriminals to hack these networks often boils down to money and profits, but can also involve political or personal motives.

Both individuals and entire organizations are guilty of carrying out cyber attacks. Some hackers use advanced technical skills, while others are novice hackers just getting started (but are still dangerous).

There are two main types of cybercrime: targeting computers and using computers. Targeting computers is exactly what it sounds like, it includes every way a hacker can cause harm to computer devices.

Using computers refers to a cyber criminal who uses a computer to do all classifications of computer crimes.

There are four classifications of these crimes:

  1. Individual Cyber Crimes: cybercrime that targets an individual.
  2. Organization Cyber Crimes: cybercrime that affects an entire organization.
  3. Property Cybercrimes: targets property such as credit card information or even intellectual property rights.
  4. Society Cybercrimes: this includes dangerous forms of cybercrime such as “cyber-terrorism”.

As you can imagine, there are plenty of different methods to use when committing cybercrime. Criminals tend to take advantage of any security holes in a system, such as weak passwords.

Different Types of Cybercrime

Malware is software that cybercriminals use to disrupt their target’s network. This software is often downloaded by the target without their consent via different forms of contact such as emails, clicking on malicious links, and drive-by downloads.

The following are some examples of cybercrime, some of which utilize malware to gain access to the desired information:

  • DDoS Attacks: These attacks are effective by making online service unavailable/taking entire networks down. Hackers do this by overwhelming the target’s network or site with traffic from multiple sources. Hackers then create and deposit malware known as Botnets onto users’ computers, allowing them to hack into their system while the network is down.
  • Botnets: As we went over just a moment ago, Botnets are not your friend. They are networks that reside in a compromised computer system, allowing control of the system by an external user - usually a cybercriminal. These remote hackers then send the user spam or sometimes even attack other computers through the botnets. Botnets are also able to function as malware, causing significant harm to a user’s system as it carries out malicious tasks.
  • Identity Fraud: According to the FBI Internet Crime Report of 2021, more than 300,000 Americans fall for identity theft through many different forms of cybercrime. Identity fraud or identity theft occurs when a cybercriminal gains access to a victim’s personal information. This can include name, birthday, social security number, and passport number. Information like this allows criminals to gain access to someone’s funds and confidential information, among many other serious offenses.
  • Social Engineering: This tactic by cybercriminals involves gaining a victim’s trust by direct communication through either phone or email. Oftentimes, they will pose as customer service representatives in hopes of gaining passwords to hack into your account. From there, the cybercriminal can gain access to your bank account or simply sell your information.
  • Ransomware: If the name of this cybercrime tactic sounds scary to you, it’s because it is. Much like asking for a ransom in a kidnapping situation, cybercriminals will hack your system and take your information, only to turn around and demand a ransom for you to get it back. Usually, they ask for large amounts of money.
  • Phishing: Phishing is one of the most prevalent forms of cybercrime today, with an estimated 3.4 billion spam emails sent out a day. Phishing involves hackers sending emails that contain malicious attachments or URLs. If victims click on these links, their system opens to the hacker and allows them to gain access to your sensitive information.

Real-Life Cybercrime Examples

MGM: September 2023

MGM Resorts reported on September 11, 2023 that a “cybersecurity issue” began affecting some of its systems. The hotel/casino chain promptly shut down these systems in order to protect themselves. Subsequently, hotel room digital keys and slot machines were out of order, causing nothing short of chaos for resort guests and the organization itself.

Reports that the hackers used an employee's information on LinkedIn to impersonate them in a call to MGM’s IT help desk. This act of social engineering allowed the cybercriminals to then gain access to that employee’s credentials. Though, MGM has not confirmed this.

While rumors continued to spread, MGM did not respond to a request for information on who was behind the attack.

Oregon and Louisiana Departments of Motor Vehicles: June 2023

One of the organizations directly affected by the MOVEit software breach happens to be our next example. The US states of Oregon and Louisiana reported that their departments of motor vehicles experienced data loss. Louisiana’s Office of Motor Vehicles (OMV) reported at least 6 million records stolen. Meanwhile, the Oregon Department of Motor Vehicles (DMV) estimated around 3.5 million stolen driver’s licenses and identity cards.

The states’ third-party software breach resulted in leaked personal information such as names, addresses and birthdates, Social Security numbers, vehicle registration numbers and handicap information.

MoveIT: May 2023

The largest hack of 2023, not to mention one of the largest in recent history, belongs to MOVEit. Everything began in May of 2023 when Progress discovered a vulnerability in MOVEit Transfer. For reference, MOVEit Transfer is their file transfer service which thousands of organizations utilize around the world. Data moved through this service is often sensitive in nature.

This vulnerability allowed hackers to infiltrate the servers and steal these organization’s sensitive information within. Most notably a notorious ransomware and extortion cybergang by the name of Clop is taking advantage of this security vulnerability.

So far the number of organizations affected by this breach is over 1,000, and the number of individuals affected is sitting around 60 million. Experts expect numbers to rise as time goes on and more organizations confirm their MOVEit security breaches.

Shields Health Care Group: April 2023

April 2023’s largest data breach was due to a cybercriminal gaining unauthorized access to the Shields Health Care Group’s systems. This Massachusetts-based medical services provider reported the personal data leak of over 2.3 million people.

The incident, according to Shields, dates back to March 2022, when they first noticed suspicious activity on their servers. The organization followed protocol by sending letters to individuals affected. However, the firm’s investigation concluded this year and was able to fully reveal the scale of the damage. Sensitive data extracted by cybercriminals in the two weeks the breach was active included:

  • Patients’ Social Security numbers.
  • Dates of birth, home addresses.
  • Healthcare provider information.
  • Healthcare history.
  • Billing information.
  • Insurance numbers.

Latitude Financial: March 2023

In March of 2023, the Melbourne-based company Latitude Financial suffered a security breach resulting in the compromise of more than 14 million records. The company, which provides loans and credit cards, reports that the cybercriminals captured several different types of data in their attack.

Nearly 8 million driver’s licenses, along with 53,000 passport numbers fell into the hands of these hackers. The list of compromised data continues as dozens of monthly financial statements and an additional 6 million records dating back to 2005 became compromised at this time.

Unfortunately, public scrutiny over this breach intensified as originally Latitude Financial reported the attack only affected 300,000 people.

How to Avoid Cyberattacks

So how can you avoid falling into a cyber scam? Here are a few steps that individuals and organizations can take to protect personal information and avoid financial damage.

  • Update your software and operating system regularly. This ensures you are benefiting from the latest security patches to protect your computer and network system.
  • Invest in anti-virus protection. Using a comprehensive internet security solution allows you to scan your computer, which helps detect any threats before they become a problem.
  • Use strong passwords and be sure to NOT record them anywhere.
  • Do not open attachments in emails from senders you don’t know.
  • Do not click on links sent from unknown sources.
  • Do not give out personal information unless it is through a secure network.

Conclusion

Safeguarding yourself against the threat of cybercrime needs to be on top of your priority list.

You can avoid cyberattacks by ensuring you stay up to date on the latest cyber threats, but to be honest that only gets you so far. The ultimate way to protect yourself and your organization from looming cybersecurity threats is by implementing training.

Cybersecurity training gives you and your organization unique insights on trends while testing what you learn.