eCommerceNews New Zealand - Technology news for digital commerce decision-makers
Cost of cybercrime creeps up
Fri, 1st Oct 2010

Like other forms of crime, cybercrime has an impact on the victim far beyond the immediate financial cost.

According to the Norton Cybercrime Report: The Human Impact, 70% of New Zealand adults have experienced some form of cybercrime, and their most common response is anger (72%), followed by annoyance (67%) and frustration (49%).

Cybercrime costs Kiwis NZ$528.73 on average to resolve, and 28% of those surveyed said they never fully resolved the cybercrime, with some also counting time and the emotional burden as other costs. For those who did get a resolution, it took 28 days on average to sort out, which was the biggest hassle for 33% of victims surveyed, while 21% of survey participants named the general feelings of stress and anger as the biggest hassle caused by the cybercrime.

Many Kiwis are using computers that they don’t realise are infected with botnets, Trojans, or keystroke loggers. These forms of malware rely on stealth forms of operation. Most cybercriminals are very careful to avoid detection; their lines of code are silently dropped onto your system and then remain in place, conducting the cybercriminal business without your immediate knowledge. Cybercrime is silent. Cybercrime is also nearly invisible.

Cybercrime affects most New Zealanders

Nine in 10 respondents say they are thinking about cybercrime and only 3% think cybercrime won’t happen to them. Computer viruses or malware were found to be the most common type of cybercrime experienced, with almost two out of three New Zealanders having computer viruses or malware appearing on their computer. In addition, approximately one in three said they had experienced other types of cybercrime.

Cybercrime today can include social engineering, spam and phishing attacks – across a range of media, including email, chat and social networking sites – to steal bank account numbers and other confidential information, as well as whole identities, often for financial gain.

Social engineering

More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the pretence that they are doing something perfectly innocent. Social engineering is likely the world’s second oldest profession, and its exploitation in the digital world was nothing unexpected. However, we have seen its effectiveness improve even further thanks to Web 2.0. Popular social networking applications attract millions of users every day, who post photos and updates from their daily lives, make contact with friends and business associates, and connect with new people through groups and events. We have become accustomed to receiving emails announcing that so-and-so would like to be our “friend” or is now “following” us. Attackers take advantage of this and devise ever more creative and convincing tricks to get users to download malware or divulge sensitive information.

Phishing

Phishing attacks are a prime example of a socially engineered threat. Phishing URLs are usually delivered by spam email. The phishing website mimics the legitimate website of the organisation whose brand is being spoofed. The motive behind most — if not all — phishing is financial gain. Phishers typically exploit brands associated with the financial sector because they’re after online banking account and login details.

Through the first half of 2010, approximately one in every 476 emails included some form of phishing attack. There have been numerous bank phishing scams and social networking sites were also hit with phishing attacks.

Botnet attacks

Botnets are collections of thousands of computers owned by regular people and secretly controlled by cybercriminals. A huge botnet brings real power: the machines of unsuspecting PC owners can be directed toward targets such as governmental agencies and private and public companies.

Botnets can work by stealing information from thousands (or millions) of individual computers. Cybercriminals can tell their botnet armies to install spyware, like keystroke logging malware, and to report back sensitive information, like banking login passwords or credit card numbers. The criminal can then use the information personally, or sell it to others who will take advantage of it. Unfortunately, each computer in a botnet army is linked to an unsuspecting owner whose entire identity could be at risk. Alternatively, the botnet could be used to launch attacks.

In 2007, in Estonia, the internet was shut down due to denial-of-service attacks (i.e. being overwhelmed by botnet contact), and Georgia was severely disabled by Russian botnets in 2008. Other than taking entire countries offline, botnets could disable news sources, transportation websites, or overpower other highly important websites.