What is meant by cybercrime?

Cybercrime is a criminal activity that targets or attempts to use a computer, a computer network, or a networked device. Most cybercrimes are committed by thieves or hackers who want to earn money, and in other rare cases, the goal behind cybercrime is to damage computers for non-profit reasons, which may be political or personal.

Cybercrimes can be committed by individuals or organizations; some of these cybercriminals are organized, use advanced technologies, and are highly technically skilled, while others are just novice hackers.

What are the types of cybercrime?

Cybercrime, often referred to as computer crime in legal contexts, includes a wide range of malicious activities such as:

Email and internet fraud.

Identity forgery (where personal information is stolen and used).

Cyber theft, including unauthorized acquisition of financial or card payment data.

Theft and sale of company data.

Cyber extortion (demanding money to prevent a threatened attack).

Ransomware attacks (a type of cyber extortion).

Cryptojacking (where hackers mine cryptocurrency using resources they do not own).

Cyberespionage (where hackers gain access to government or company data).

Interfering with systems in a way that compromises the network.

Copyright infringement.

Illegal gambling.

Selling illegal goods online.

Soliciting, producing, or possessing child exploitation material.

These are some of the most common types of cybercrime, but new threats continue to emerge as technology evolves. Cybercrime involves at least one of the following:

Criminal activity targeting computers using viruses and other types of malware.

Criminal activity using the computer to commit other crimes.

Cybercriminals targeting computers may infect them with malware to damage the devices or stop them from working. They may use that malware to delete or steal data. Cybercriminals can also work to prevent users from using a website or network or prevent a company providing a software service from reaching its customers; this method is known as a Denial of Service (DoS) attack.

Cybercrime that uses computers to commit other crimes may include using computers or networks to spread malware, information, or illegal images.

Cybercriminals often do both at the same time. They may target computers with viruses first and then use them to spread malware to other devices or across the network. Some countries also have a third category of cybercrime where computers are used as an accessory to the crime. An example of this is using computers to store stolen data.

Examples of cybercrime

Here are some famous examples of different types of cybercrime attacks used by cybercriminals:

1. Malware attacks

   A malware attack is the infection of a computer system or network with a computer virus or any other type of malware. Cybercriminals can use a computer compromised by malware for multiple purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing data damage.

   A famous example of a ransomware attack is WannaCry, a global cybercrime that occurred in May 2017. WannaCry was a type of ransomware, which is malicious software used for extortion and taking money by holding the victim's data or device and not returning them except in exchange for a ransom. This ransomware targeted a security vulnerability in computers running the Microsoft Windows operating system.

   When the WannaCry ransomware attack occurred, 230,000 computers in 150 countries were affected! Users were blocked from accessing their files and were sent a message demanding they pay a Bitcoin ransom to regain access.

   Globally, the WannaCry cybercrime caused financial losses estimated at up to $4 billion. To this day, this attack remains famous due to its spread and impact.

2. Double Extortion Ransomware Attacks

   In recent years, ransomware has evolved into a more aggressive form known as double extortion. In these attacks, cybercriminals do not just encrypt the victim's data; they also steal it before the encryption process. This stolen data is then used as leverage: if the ransom is not paid, the attackers threaten to publish sensitive information. A prominent example is the Cl0p ransomware group, which targeted multinational corporations and government agencies by exploiting vulnerabilities in widely used file transfer tools. Victims faced a dual threat of data leakage and operational disruption—a powerful tactic that significantly increased ransom compliance rates.

3. Phishing

   A phishing campaign occurs when unsolicited emails or other forms of communication are sent with the intent of tricking recipients into doing something that undermines their security. Phishing campaign messages may contain attachments with malware or links to malicious websites, or they may ask the recipient to respond with confidential information.

   One famous example of a scam occurred during the World Cup in 2018. According to our report, World Cup Scams 2018, the fraudulent World Cup scam involved emails sent to football fans. These spam emails tried to lure fans with fake free trips to Moscow where the World Cup was hosted, and the personal data of people who opened these emails and clicked on the links therein was stolen.

   Another type of phishing campaign is known as spear phishing. These are targeted phishing campaigns that attempt to trick specific individuals into compromising the security of the organization they work for.

   Unlike regular phishing campaigns which are very general in style, spear phishing messages are usually designed to look like messages from a trusted source. For example: they are designed to look like they are from the CEO or IT manager, and they may not contain any visual indication of being fake.

   Cybercriminals have also begun leveraging AI tools to craft more convincing fraudulent messages. These tools can mimic writing styles, create flawless grammar, and even simulate familiar communication patterns. Combined with data collected from social media, this allows for highly personalized attacks that are difficult to detect.

   In addition, attackers use AI to automate and scale attacks—such as scanning for vulnerabilities or deploying malware across multiple targets—reducing effort while increasing reach.

4. Smishing and Vishing Attacks

   Smishing (phishing via SMS) and vishing (voice phishing) are increasing, targeting users through text messages and phone calls rather than email. These scams often impersonate banks, delivery services, or government agencies to trick recipients into revealing sensitive data or clicking on malicious links.

   One example involves SMS messages claiming that a package delivery requires a customs payment, leading to a fake payment form that harvests credit card details. In vishing, attackers may pose as technical support or law enforcement, pressuring victims to share login credentials or transfer money.

5. Attacks on Critical Infrastructure

   Cybercriminals increasingly target essential services such as healthcare, energy, and transportation systems. These attacks can cause widespread disruption and endanger lives. A prominent example is the Colonial Pipeline attack in 2021, where ransomware disrupted fuel delivery across the Southeast United States, leading to emergency responses and temporary fuel shortages. Hospitals, water treatment facilities, and public transport networks can also be affected by similar threats, emphasizing the societal impact of cybercrime beyond financial loss.

6. Crime-as-a-Service (CaaS)

   One key development in the cybercrime ecosystem is the rise of Crime-as-a-Service (CaaS) platforms. These dark web marketplaces allow anyone—regardless of technical skill—to purchase ready-made tools and services such as ransomware kits, phishing campaigns, credential dumps, and DDoS-for-hire. This "cybercrime economy" has significantly lowered the entry barrier for aspiring attackers and has led to the rapid growth and professionalization of cybercrime networks.

7. Distributed DoS Attacks

   Distributed DoS (DDoS) attacks are a type of cybercrime attack used by cybercriminals to bring down a system or network. Connected Internet of Things (IoT) devices are sometimes used to launch Denial of Service attacks. A Denial of Service attack overwhelms the system using one of the standard communication protocols it uses to spam the system with connection requests. Cybercriminals carrying out cyber extortion may use the threat of a Denial of Service attack to demand money. Alternatively, a Denial of Service attack can be used as a distraction technique while another type of cybercrime is taking place. A famous example of this type of attack is the 2017 Denial of Service attack on the UK National Lottery website. This attack took the lottery website and mobile app offline, preventing UK citizens from playing. The reason for the attack remains unknown, though it is suspected that the attack was an attempt to extort the National Lottery.

Impact of Cybercrime

In general, cybercrimes and cyberattacks have continued to rise in recent years. According to a study by Cybersecurity Ventures, in 2023, a cyberattack occurred every 39 seconds, equivalent to more than 2,200 incidents daily. This represents an increase from 2022, when an incident occurred every 44 seconds.

Accenture's "State of Cybersecurity Resilience 2023" report, based on a survey of 3,000 security and business executives from large organizations, also emphasizes the persistent threat of cyberattacks. Particularly concerning is the rise in ransomware attacks, which, according to a report by WatchGuard, saw a 95% increase in 2023 compared to the previous year. This increase in attacks affects not only companies but also individuals, as many companies store sensitive data and personal information from customers.

Financial, Operational, and Reputational Damage

A single cyberattack—whether it is a data breach, malware infection, ransomware, or DDoS attack—can have devastating financial and reputational consequences.

Based on the latest data from the Hiscox Cyber Readiness Report 2024, the impact of cyberattacks on businesses has increased significantly. The report reveals that 67% of companies suffered a cyberattack in the past 12 months, while the same percentage reported an increase in cyber incidents compared to the previous year.

The impact often extends far beyond direct financial loss. Approximately 47% of affected companies struggled to attract new customers, 43% lost existing customers, and 38% suffered reputational damage through negative media coverage.

Cybercrime does not only harm companies—individuals can also face severe consequences, including identity fraud, financial loss, and erosion of trust.

Targeting SMEs and Supply Chain Vulnerabilities

Small and Medium Enterprises (SMEs) and remote infrastructures have become key targets, especially since the widespread shift to remote work during the COVID-19 pandemic. Many of these organizations lack robust cybersecurity defenses, making them vulnerable to ransomware, phishing, and supply chain attacks.

Cybercriminals increasingly exploit trusted third-party vendors to infiltrate multiple victims at once—a tactic known as supply chain attacks. Incidents like SolarWinds and Kaseya illustrate how a single compromised provider can affect thousands of downstream businesses. According to Hiscox, one in five SMEs believes a successful cyberattack would likely force them to go out of business entirely, highlighting the urgent need to strengthen cybersecurity across the supply chain.

Global Response Legislation and Cybersecurity

As cyber threats grow in scale and complexity, international cooperation and regulation have become essential. Organizations such as Europol, Interpol, and the United Nations now play an instrumental role in coordinating cross-border cybercrime investigations. Countries have also introduced new legislation to strengthen digital defenses. The EU NIS2 Directive and global frameworks like the Budapest Convention on Cybercrime are examples of evolving legal structures aimed at improving response and resilience. These efforts also place greater responsibility on companies to protect data and report breaches quickly.

How to protect yourself from cybercrime

Given the prevalence of cybercrime, you may wonder how to protect yourself from it. Here are some simple tips to protect your computer and your personal data from cybercrime:

1. Keep software and operating system updated

   Updating your software and operating system ensures you benefit from the latest security patches to protect your computer.

2. Use strong passwords

   Ensure you use strong passwords that people will not guess and do not record them anywhere. You can also use a reputable password manager app to generate strong passwords randomly to make it easier for you.

3. Never open attachments in spam emails

   Email attachments in spam emails are a traditional way to infect a computer with malware and other forms of cybercrime. Never open an attachment from a sender you do not know.

4. Do not click on links in spam emails or untrusted websites

   Another way people become victims of cybercrime is by opening links in spam emails or other messages or unfamiliar websites. Avoid doing this to stay safe online.

5. Do not give personal information unless it is secure

   Never provide personal data over the phone or via email to any entity unless you are absolutely sure of the security of the line or email. Make sure you are talking to the person you think you are talking to. The best way is to use another phone because cybercriminals can keep the line open. When you think you have called the company again, they can claim to be from the bank or another institution you think you are talking to.

6. Contact companies directly regarding suspicious requests

   If a company contacts you and asks for personal information or data, end the call without giving them anything, and call them again using the number on their official website to ensure you are talking to them and not a cybercriminal.

7. Consider the addresses of websites you visit

   Monitor the URL addresses you open. Do they look legitimate? Avoid clicking on links containing unfamiliar URLs or those that look like spam. If your internet security product includes functions to ensure the security of online transactions, make sure to enable them before executing online financial transactions.

8. Monitor your bank statements

   It is important to discover that you have fallen victim to a cybercrime quickly. Monitor your bank statements and inquire about any unfamiliar transactions with the bank; the bank can investigate whether they are fraudulent or not.