Cybercrime refers to illegal actions using computers or the internet. Some examples of cybercrime include:
The major categories of cybercrimes are:
Attacks caused by cybercriminals can leave a significant financial and social impact on governments, businesses, and individuals. Other effects of cybercrime on businesses can include damage to the brand's reputation, legal consequences of a data breach, and loss of sensitive data.
Cybercrime is advancing with technology, adapting to evade existing defenses. Early forms began in the 1980s as email-enabled scams and viruses. Current cybercrime trends include the rise of AI-driven social engineering and phishing, ransomware as a service (RaaS), commercial spyware, and extortionware.
Cyberattacks are becoming more prevalent due to easily accessible computers, cloud data and storage, human negligence and vulnerability, network and application system vulnerabilities, and the increasing number of bad actors who want to exploit the vulnerabilities.
Cybercriminals employ a variety of evolving methods to access an individual's or business's protected data. Installing malware on a victim's computer can allow an attacker to manipulate, delete, or steal data. Criminals also use phishing attacks to trick a target into revealing login credentials.
Cybercriminals are getting more aggressive with their tactics. Cisco Talos reports that hackers are engaging in extortion by holding data for ransom and threatening to release it on the dark web, often after a first ransom is paid to decrypt network systems.
Here are some real-world cybercrime examples: In 2020, a manufacturing company fell victim to a phishing email. Opening a malicious attachment launched a Maze ransomware attack. Cisco Talos Incident Response intervened and contained the threat, preventing the attack's ransomware component.
Another example of cybercrime is the phishing-as-a-service (PaaS) platform known as Greatness. This PaaS targets users of a popular productivity software with convincing decoy login pages. Attackers have used the Greatness phishing kit since 2022 to launch man-in-the-middle attacks and steal authentication credentials.
Individuals can protect themselves from cybercrime by using multi-factor authentication (MFA) and strong passwords, keeping software up to date, and staying vigilant against phishing. Businesses can safeguard sensitive data from evolving cybercrimes with network security solutions, utilizing cloud-delivered security with SSE and endpoint protection for all devices.
Cybersecurity plays a crucial role in preventing and mitigating cybercrime. Solutions like ZTNA ensure least-privilege access, and security services help identify vulnerabilities and risks, protect systems with security controls, detect potential threats, respond to incidents, and facilitate recovery.
Cybersecurity professionals combat cybercrime by analyzing attacker behavior. MITRE ATT&CK is a common knowledge base cyber risk managers use to understand attackers' techniques and effective mitigations that prevent cybercrime and minimize its impact.
Cyber extortion occurs when a cybercriminal attacks or threatens to attack a computer, network, or server and demands money to stop the attacks. Common examples of cyber extortion tactics are ransomware and extortionware. In these attacks, a bad actor encrypts a victim's files using malware until a ransom is paid for their release, preventing public exposure.
In cyber espionage, hackers attack corporations or governments for political, competitive, or financial reasons. The goal is to gather intelligence while remaining covert.
Examples are:
- Cybercriminals selling sensitive data to a business's competitor
- State-sponsored groups gathering intelligence from enemy communication systems or disrupting infrastructure
Ransomware is a type of malware, or malicious software, that encrypts files and data on a computer. To install ransomware on a computer, hackers use methods like email phishing, malicious advertising, or exploit kits. The malware takes control of specific files until the victim pays a ransom fee for their release.
Phishing uses fraudulent emails or other forms of communication to convince a target to give up sensitive information or system access. In a phishing attack, a user clicks on a seemingly legitimate but harmful link in an email, downloads a malicious file, or gives away login credentials on a fraudulent site. This often leads to business email compromise.
Malware is any type of malicious software distributed to a computer or network to steal its valuable information or damage its data. Malware can infect a network through email phishing, downloads from malicious websites, infected USBs, or software vulnerabilities. Examples of common malware include spyware, worms or viruses, botnets, and ransomware.
An IoT attack is an exploit of an Internet of Things (IoT) device, such as security cameras, manufacturing equipment, air quality monitors, or smart utility meters. Attackers exploit vulnerabilities in IoT devices to gain control of the device, access sensitive data, or break into other devices connected to the IoT system.
DNS tunneling is a DNS attack method of disguising malicious traffic, protocols, or software as DNS queries and responses. Abusing the DNS protocol allows attackers to bypass firewalls and other defenses and exfiltrate the target's data.
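A defender can look for the pattern described above in DNS query logs. The following is an added example, not part of the original page: it flags parent domains that receive several long, high-entropy subdomain labels. The thresholds, function names, and sample query names are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed query names for illustration; not captured traffic.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "long-readable-hostname-for-printer-3.example.com",  # one-off, below min_hits
    "mzxw6ytboi4tqnjsgezdgnbvgy3tqojq.t.example.net",
    "nbswy3dpeb3w64tmmqqhi2djomqgs4zamez.t.example.net",
    "orugs4zanfzsaylomqqhgzldn5xgiidqmf4w.t.example.net",
    "kr2w45dfoqqg64ranbuxgidborxwk4zamfxgi.t.example.net",
]

def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score high."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def split_name(qname):
    """Return (subdomain labels, parent domain).
    Assumption: the parent is the last two labels; production code
    should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])

def suspicious_label(label, min_len=24, min_entropy=3.5):
    """Long, random-looking labels are typical of data packed into a name."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_tunnel_candidates(queries, min_hits=3):
    """Group suspicious names by parent domain and report parents that
    received at least min_hits distinct suspicious names."""
    hits = defaultdict(set)
    for qname in queries:
        sub_labels, parent = split_name(qname)
        if any(suspicious_label(label) for label in sub_labels):
            hits[parent].add(qname)
    return {p: sorted(names) for p, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    for parent, names in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(f"{parent}: {len(names)} suspicious query names")
```

Requiring several distinct suspicious names per parent domain keeps a single long but legitimate hostname from raising an alert.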
A Structured Query Language (SQL) injection is a common type of cyberattack in which hackers exploit a security vulnerability in an application with malicious SQL code to gain access to a web application database. A successful SQL attack could allow a criminal to access protected sensitive data and modify or delete it.
In a denial-of-service attack, an attacker floods a system, server, or network with traffic, making it unavailable to legitimate users. Attackers also use multiple compromised devices to launch a distributed DoS (DDoS) attack, a type of cybercrime that can be even more difficult to recover from.
A zero-day exploit occurs after a new network vulnerability is announced and before a patch is applied. During this window of time, systems are susceptible to cyberattacks as attackers target the disclosed vulnerability.
Segmentation divides a network into smaller parts. This allows administrators to enforce access policies that control the flow of traffic and inhibit the spread of a cyberattack. Network segmentation can also improve operational performance and safeguard vulnerable devices from attacks.
A zero-trust network continuously authenticates users and their devices at each access request. This is achieved through a combination of multi-factor authentication tools, device visibility, adaptive policies, and segmentation controls. Zero-trust security can help protect organizations from common cybercrimes like phishing, malware, and credential theft.
Activate multi-factor authentication on all possible online accounts. MFA adds two or more extra steps to verify a user's identity before authorizing access to applications and resources. Implementing an MFA solution across an organization can help prevent cybercriminals from accessing sensitive information.
Regularly update your operating systems, devices, and websites with current patches to safeguard your assets and data. Cybercriminals can exploit known vulnerabilities, or software flaws, to breach a system and steal or damage data. Organizations can reduce the risk of a costly breach by updating security software with the latest patches.
Deploy vulnerability management software to identify and prioritize weaknesses in your organization's environment. This solution can help organizations make data-backed decisions to proactively fix vulnerabilities before a cybercriminal has the chance to exploit them.
To help safeguard against cybercrime, use unique passwords, change your passwords regularly, and avoid using the same password on multiple sites. A password manager application can be used to generate complex passwords and store them in an encrypted format. However, in the event of a breach, all passwords could be compromised.
Practicing safe cyber hygiene with an email security solution in place can help prevent common cybercrimes like phishing, malware, and spam. Here are some best practices:
Many types of network security solutions can help protect your organization's networking infrastructure from unauthorized access, data theft, and damage. An intrusion prevention system (IPS) is an example of a network security solution. An IPS defends your network by scanning traffic to actively block attacks and prevent the spread of outbreaks.
Secure your data by regularly backing up information and testing the restoration process. Effective data protection measures such as off-site backups, encryption, and secure cloud storage are critical safeguards against cyberthreats like ransomware that could steal, damage, or destroy your data.
It is important for organizations to develop policies and procedures to follow in response to a security incident. An incident response plan instructs IT staff on how to detect a security incident, stop the attack, and quickly recover from the event. Educate your team on the response plan and practice the process to minimize the length of a disruption.
Safeguard your workforce by educating users on cybersecurity policies and best practices. Train employees to:
Firewalls use predefined security rules to decide whether to block or allow incoming and outgoing traffic. These barriers help prevent unauthorized access or malicious data from breaching your system.
XDR is an advanced cybersecurity solution that offers comprehensive threat detection and response capabilities. It correlates data from multiple sources across networks, endpoints, and cloud environments to provide a unified view of potential threats. XDR's machine learning and analysis of vast data sets streamlines cybercrime investigation and response.
SSE is a group of technologies that secure access to the web, cloud services and private applications regardless of the location of the user, their device, or where the application is hosted. SSE capabilities include threat protection, data security, access control, security monitoring, and acceptable-use control enforced by network-based and API-based integration.
Advanced Malware Protection (AMP) is a type of antivirus cybersecurity software that provides robust defense against sophisticated malware threats. AMP protects computer systems by proactively identifying and blocking software viruses like worms, ransomware, Trojans, spyware, and adware.
A risk-based vulnerability management solution prioritizes and addresses system weaknesses for remediation based on their potential impact and likelihood of exploitation. Proactively patching high-risk vulnerabilities first helps minimize cybercrime opportunities, enhance overall security posture, and prevent potential attacks.
Cloud security solutions are technologies, policies, and applications that protect online IP, services, applications, workloads, and other critical data. A unified solution combines multiple security tools and features into a single platform, streamlining management and shielding users against cyberthreats wherever they access the internet.
Email security is a crucial cybersecurity tool that protects organizations from a wide range of email-based threats. An email security application helps safeguard email communication from phishing attacks, malware, spam, and other dangerous cybercrimes.
An access management solution controls user access to digital resources. It verifies identities through processes like MFA, SSO, and passwordless authentication. User and device trust is continuously evaluated using adaptive, risk-based policies. This zero-trust strategy makes it harder for criminals to breach an environment and move laterally within it.
Web security is a cybersecurity solution that works to safeguard online resources, devices, and data from cyberthreats. It offers strong threat intelligence, dynamic content control, and seamless user integration. Features like data loss prevention, strong authentication methods, and deep visibility help organizations build a secure online environment.
An IPS is a cybersecurity solution that actively monitors network traffic, identifying and thwarting potential attacks in real time. An IPS analyzes global threat intelligence to block malicious activity, track the progression of suspect malware across the network, and stop the spread of a breach and reinfection.