Safety Topic 10: Crimeware

1 0 0
                                    

Everyone: Hi!

Zoe: Today we are talking about Crimeware.

Tanya: You must be careful with this malware because it is made for criminals called Scammers.

Raphael: What are Scammers?

Zoe: Scammers are Criminals that help track your device. They can send viruses to your device.

Raphael: Okay.

Mata: Let's get started.

Zoe:

Crimeware is a class of malware designed specifically to automate cybercrime.

Crimeware (as distinct from spyware andadware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

Tanya:

Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

Surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.

Redirect a user's web browser to acounterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar.

Steal passwords cached on a user's system.

Hijack a user session at a financial institution and drain the account without the user's knowledge.

Enable remote access into applications, allowing criminals to break into networks for malicious purposes.

Encrypt all data on a computer and require the user to pay a ransom to decrypt it (ransomware).

Yohan:

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:

Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.

Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as a valid e-mail messages and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users to open the attachment and execute the payload.

Remote exploits that exploit vulnerabilities on servers and clients.

Titae:

Crimeware can have significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information. The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.

Idea:

United States:

US laws and regulations include:

Sarbanes-Oxley Act

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act

Family Educational Rights and Privacy Act

California Senate Bill 1386

Payment Card Industry Data Security Standard

Zoe: Crimeware is something that you should be aware of and be careful and don't download them.

Tanya: And we're here to keep you safe in the internet.

Everyone: Bye!

You've reached the end of published parts.

⏰ Last updated: Dec 29, 2017 ⏰

Add this story to your Library to get notified about new parts!

Classroom Musical Episode 4: Internet SafetyWhere stories live. Discover now