Cybercrime Prevention, Reporting, & Recovery: Difference between revisions

From GCA ACT
No edit summary
No edit summary
Line 24: Line 24:
[[#CybercrimeReporting|Cybercrime Reporting Resources]]
[[#CybercrimeReporting|Cybercrime Reporting Resources]]
</div>
</div>
| style="vertical-align: top; border: none; background-color: #FFFFFF; text-align: left; width: 25%;" | <span>[[File:recover-bed.svg|frameless|70px|link=|thumb|left]]</span><span style="font-weight: bold; font-size: 25px;">Recover</span><div>Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise it may include things like changing your passwords, monitoring your credit report, and filing insurance claims.  
| style="vertical-align: top; border: none; background-color: #FFFFFF; text-align: left; width: 25%;" | <span>[[File:recover-bed.svg|frameless|70px|link=|thumb|left]]</span><span style="font-weight: bold; font-size: 25px;">Recover</span><div>Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise, it may include things like changing your passwords, monitoring your credit report, and filing insurance claims.  
* ADD CATEGORY PAGES
<strong>Cybersecurity Tools</strong>
{{#categorytree:Passwords|mode=collapsed}}
{{#categorytree:Backup & Restoration of Data|mode=collapsed}}
{{#categorytree:Cybersecurity Insurance|mode=collapsed}}
{{#categorytree:Sensitive Data|mode=collapsed}}
</div>
</div>
|}
|}
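Review bot: the `* ADD CATEGORY PAGES` line in the Recover cell is an editorial to-do that is still in the saved markup and renders as a bullet point; remove it or wrap it as `<!-- ADD CATEGORY PAGES -->`, and confirm that every category named in the `{{#categorytree:...}}` calls (Passwords, Backup & Restoration of Data, Cybersecurity Insurance, Sensitive Data) actually exists, since a missing category renders as an error message instead of a tree.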
Line 105: Line 109:
{| class="wikitable"
{| class="wikitable"
|+
|+
! Type of Cybercrime (Definition) !! Signals of Attack !! Methods of Containment
! Type of Cybercrime !! Signals of Attack !! Methods of Containment
|-
|-
| Data breach (The unauthorized access and theft of sensitive data)
| width="20%" | '''Data breach''' - The unauthorized access and theft of sensitive data.
|  
| width="40%" |
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Missing files or data
* Missing files or data
* Unauthorized changes to system configurations or permissions
* Unauthorized changes to system configurations or permissions
|  
| width="40%" |
* Isolate affected systems from the network
* Isolate affected systems from the network
* Change all passwords and security credentials
* Change all passwords and security credentials
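Review bot: `width="20%"` and `width="40%"` on the first-row cells use the deprecated HTML `width` attribute; the Recover cell above already sets widths with `style="... width: 25%;"`, so use `style="width:20%"` / `style="width:40%"` here for consistency and for predictable rendering across skins.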
Line 118: Line 122:
* Restore data from backups
* Restore data from backups
|-
|-
| Malware attack (The unauthorized installation of malicious software on a computer system)
| '''Malware attack''' - The unauthorized installation of malicious software on a computer system.
|  
|  
* Slow computer performance
* Slow computer performance
Line 129: Line 133:
* Restore data from backups
* Restore data from backups
|-
|-
| Phishing attack (A fraudulent attempt to obtain sensitive information, such as passwords or credit card numbers, by disguising oneself as a trustworthy entity in an electronic communication)
| '''Phishing attack''' - A fraudulent attempt to obtain sensitive information, such as passwords or credit card numbers, by disguising oneself as a trustworthy entity in an electronic communication.
|  
|  
* Emails or text messages that appear to be from a legitimate source, such as a bank or credit card company, but contain suspicious links or attachments
* Emails or text messages that appear to be from a legitimate source, such as a bank or credit card company, but contain suspicious links or attachments
Line 137: Line 141:
* Verify the legitimacy of any email or text message before providing any personal or sensitive information
* Verify the legitimacy of any email or text message before providing any personal or sensitive information
|-
|-
| Denial-of-service (DoS) attack (An attempt to make a computer system or network unavailable to its intended users by flooding it with traffic or exploiting vulnerabilities in software or hardware)
| '''Denial-of-service (DoS) attack''' - An attempt to make a computer system or network unavailable to its intended users by flooding it with traffic or exploiting vulnerabilities in software or hardware.
|  
|  
* Slow website or application performance
* Slow website or application performance
Line 146: Line 150:
* Implement DDoS mitigation strategies, such as firewalls and load balancers
* Implement DDoS mitigation strategies, such as firewalls and load balancers
|-
|-
| Man-in-the-middle (MitM) attack (An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly to each other)
| '''Man-in-the-middle (MitM) attack''' - An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly to each other.
|  
|
* Unexpected redirects to unfamiliar websites
* Unexpected redirects to unfamiliar websites
* Unexpected changes to website content
* Unexpected changes to website content
Line 156: Line 160:
* Use strong passwords and two-factor authentication
* Use strong passwords and two-factor authentication
|-
|-
| Social engineering attack (An attack that manipulates people into performing actions or divulging confidential information) ||  
| '''Social engineering attack''' - An attack that manipulates people into performing actions or divulging confidential information.
|  
* Phone calls, emails, or text messages that ask for personal or sensitive information
* Phone calls, emails, or text messages that ask for personal or sensitive information
* Requests for help with technical problems
* Requests for help with technical problems
Line 165: Line 170:
* Verify the legitimacy of any request before taking any action
* Verify the legitimacy of any request before taking any action
|-
|-
| Ransomware attack (A type of malware that encrypts the victim's data and demands a ransom payment in exchange for the decryption key)
| '''Ransomware attack''' - A type of malware that encrypts the victim's data and demands a ransom payment in exchange for the decryption key)
|  
|  
* Files that are encrypted and cannot be accessed
* Files that are encrypted and cannot be accessed
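Review bot: in the new Ransomware attack cell the opening parenthesis was dropped when the definition was moved out of the header style, but the trailing `)` after "decryption key" was kept; remove it so the row ends with a period like the other definitions.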
Line 174: Line 179:
* Restore data from backups
* Restore data from backups
|-
|-
| Cryptojacking (The unauthorized use of a computer's processing power to mine cryptocurrency)
| '''Cryptojacking''' - The unauthorized use of a computer's processing power to mine cryptocurrency.
|  
|  
* Slow computer performance
* Slow computer performance
Line 184: Line 189:
* Use strong passwords and two-factor authentication
* Use strong passwords and two-factor authentication
|-
|-
| Insider threat (A cyberattack carried out by an individual who has authorized access to an organization's computer systems or data) |  
| '''Insider threat''' - A cyberattack carried out by an individual who has authorized access to an organization's computer systems or data.
|  
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Unauthorized changes to system configurations or permissions
* Unauthorized changes to system configurations or permissions
Line 193: Line 199:
* Conduct regular security audits
* Conduct regular security audits
|-
|-
| Supply chain attack (A cyberattack that targets an organization's suppliers or third-party vendors)
| '''Supply chain attack''' - A cyberattack that targets an organization's suppliers or third-party vendors.
|  
|  
* Vulnerabilities in software or hardware used by suppliers or third-party vendors
* Vulnerabilities in software or hardware used by suppliers or third-party vendors

Revision as of 20:23, 30 October 2023



This page is your go-to resource for tackling the multifaceted challenges of cybercrime. With the digital world becoming increasingly integrated into everyday life and business operations, understanding how to prevent, recognize, report, and recover from cyber threats is critical. The page is structured into four sections that cover the continuum of cybercrime remediation. Each section includes a curated list of cybersecurity tools tailored for everyday users, individuals requiring enhanced security, and organizations.

Prevent
Whether you are an everyday user or in charge of an organization's IT apparatus, implementing cybercrime prevention tools is a no-brainer. For Everyday Cybersecurity this includes using strong passwords, being careful about what information you share online, and being aware of common cybercrime scams. However, sometimes a more structured approach, or Enhanced Protection, is needed for small businesses or individuals requiring heightened security. For large organizations, Advanced Security is required, including sophisticated Intrusion Prevention Systems (IPS), security simulations, and strict access control.


Realize
Cybercrimes can often go undetected, but it is important to catch them before they cause further damage. Luckily, along with a number of resources for learning to spot cybercrimes, there is a multitude of automated software tools that intelligently detect anomalies.


Cybercrime Types & Containment Methods

Report
If you are the victim of a cybercrime, it is important to report it to the authorities. This will help them to investigate the crime and track down the perpetrators. Cybercrimes are dramatically underreported: people are sometimes embarrassed, or they don't think anyone will do anything. The truth is that authorities are investing more money in cybersecurity every year.

Cybercrime Reporting Resources

Recover
Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise, it may include things like changing your passwords, monitoring your credit report, and filing insurance claims.

Cybersecurity Tools




Cybercrime Reporting Resources
{| class="wikitable"
! Country !! Organization !! URL !! Description
|-
| United States || Federal Bureau of Investigation (FBI) || https://www.fbi.gov || The FBI is the primary federal law enforcement agency responsible for investigating cybercrime in the United States.
|-
| United Kingdom || National Cyber Security Centre (NCSC) || https://www.ncsc.gov.uk || The NCSC is a part of GCHQ, the UK's intelligence and security agency responsible for cyber security. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| Canada || Canadian Centre for Cyber Security (CCCS) || https://www.cyber.gc.ca || The CCCS is a part of the Communications Security Establishment (CSE), Canada's national intelligence and cyber security agency. It provides cyber security advice and support to government, industry, and Canadians at large.
|-
| Australia || Australian Cyber Security Centre (ACSC) || https://www.cyber.gov.au || The ACSC is a part of the Australian Signals Directorate (ASD), Australia's national intelligence agency responsible for cyber security. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| New Zealand || New Zealand Computer Emergency Response Team (CERT NZ) || https://www.cert.govt.nz || CERT NZ is a government agency responsible for responding to and managing cyber security incidents in New Zealand. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| India || Indian Computer Emergency Response Team (CERT-In) || https://www.cert-in.org.in || CERT-In is a government agency responsible for coordinating cyber security efforts in India. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| Singapore || Cyber Security Agency of Singapore (CSA) || https://www.csa.gov.sg || The CSA is a government agency responsible for overseeing and coordinating cyber security efforts in Singapore. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| Japan || National Institute of Information and Communications Technology (NICT) || https://www.nict.go.jp/en/ || NICT is a government agency responsible for research and development in information and communications technology. It also plays a role in cyber security, providing advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| South Korea || Korea Internet & Security Agency (KISA) || https://www.kisa.or.kr/eng/ || KISA is a government agency responsible for overseeing and coordinating cyber security efforts in South Korea. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| China || National Internet Emergency Response Center (CNCERT/CC) || https://www.nic.ad.jp/en/ || CNCERT/CC is a government agency responsible for responding to and managing cyber security incidents in China. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime.
|-
| International || Interpol || https://www.interpol.int || Interpol is an international organization that facilitates worldwide police cooperation. It has a cybercrime unit that provides support to member countries in investigating and prosecuting cybercrime.
|-
| International || Europol || https://www.europol.europa.eu || Europol is the European Union's law enforcement agency. It has a cybercrime center that provides support to EU member states in investigating and prosecuting cybercrime.
|-
| International || No More Ransom || https://www.nomoreransom.org || No More Ransom is a public-private partnership that provides free decryption tools to victims of ransomware attacks. It also provides information and advice on how to prevent ransomware attacks.
|}



Types of Cybercrimes and Containment Methods
{| class="wikitable"
! Type of Cybercrime !! Signals of Attack !! Methods of Containment
|-
| '''Data breach''' - The unauthorized access and theft of sensitive data.
|
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Missing files or data
* Unauthorized changes to system configurations or permissions
|
* Isolate affected systems from the network
* Change all passwords and security credentials
* Notify affected individuals and credit bureaus
* Restore data from backups
|-
| '''Malware attack''' - The unauthorized installation of malicious software on a computer system.
|
* Slow computer performance
* Unusual system activity, such as high CPU usage or network traffic
* Unexpected pop-up windows or messages
* New software or files that appear on the computer without the user's knowledge
|
* Run a full system scan with antivirus and anti-malware software
* Remove any infected files
* Restore data from backups
|-
| '''Phishing attack''' - A fraudulent attempt to obtain sensitive information, such as passwords or credit card numbers, by disguising oneself as a trustworthy entity in an electronic communication.
|
* Emails or text messages that appear to be from a legitimate source, such as a bank or credit card company, but contain suspicious links or attachments
* Emails or text messages that ask for personal or sensitive information, such as passwords or credit card numbers
|
* Do not click on links or open attachments in emails or text messages from unknown senders
* Verify the legitimacy of any email or text message before providing any personal or sensitive information
|-
| '''Denial-of-service (DoS) attack''' - An attempt to make a computer system or network unavailable to its intended users by flooding it with traffic or exploiting vulnerabilities in software or hardware.
|
* Slow website or application performance
* Unresponsive website or application
* Unexpected error messages
|
* Contact your internet service provider (ISP) or web hosting provider
* Implement DDoS mitigation strategies, such as firewalls and load balancers
|-
| '''Man-in-the-middle (MitM) attack''' - An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other.
|
* Unexpected redirects to unfamiliar websites
* Unexpected changes to website content
* Unexpected security warnings
|
* Use a VPN when connecting to public Wi-Fi networks
* Keep your software and operating system up to date
* Use strong passwords and two-factor authentication
|-
| '''Social engineering attack''' - An attack that manipulates people into performing actions or divulging confidential information.
|
* Phone calls, emails, or text messages that ask for personal or sensitive information
* Requests for help with technical problems
* Offers of free products or services
|
* Be suspicious of any unsolicited contact
* Do not provide personal or sensitive information to anyone you do not know and trust
* Verify the legitimacy of any request before taking any action
|-
| '''Ransomware attack''' - A type of malware that encrypts the victim's data and demands a ransom payment in exchange for the decryption key.
|
* Files that are encrypted and cannot be accessed
* A ransom message demanding payment in exchange for the decryption key
|
* Isolate affected systems from the network
* Do not pay the ransom
* Restore data from backups
|-
| '''Cryptojacking''' - The unauthorized use of a computer's processing power to mine cryptocurrency.
|
* Slow computer performance
* High CPU usage
* Unexpected network traffic
|
* Install a cryptocurrency miner blocker
* Keep your software and operating system up to date
* Use strong passwords and two-factor authentication
|-
| '''Insider threat''' - A cyberattack carried out by an individual who has authorized access to an organization's computer systems or data.
|
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Unauthorized changes to system configurations or permissions
* Missing files or data
|
* Monitor system activity for suspicious behavior
* Implement security controls to prevent unauthorized access to systems and data
* Conduct regular security audits
|-
| '''Supply chain attack''' - A cyberattack that targets an organization's suppliers or third-party vendors.
|
* Vulnerabilities in software or hardware used by suppliers or third-party vendors
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations
* Unauthorized changes to system configurations or permissions
|
* Update all software and hardware to the latest versions
* Implement security controls to prevent unauthorized access to systems and data
* Monitor supplier and vendor activity for suspicious behavior
|}
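Two of the signals the table repeats for data breaches, insider threats and supply chain attacks are "login attempts from unusual locations" and "spikes in traffic". The following Python script is an added example (not part of the GCA ACT page) that turns those two signals into concrete checks over constructed login log lines; the log format, the baseline cutoff and the spike threshold are assumptions chosen for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login events for the demo (not real log data); format assumed here:
# ISO timestamp, user, source country, outcome.
SAMPLE_LOG = """\
2023-10-30T09:00:05 alice US success
2023-10-30T09:12:40 alice US success
2023-10-30T09:30:11 bob CA success
2023-10-30T10:02:19 alice DE success
2023-10-30T10:30:00 bob CA failure
2023-10-30T10:30:07 bob CA failure
2023-10-30T10:30:15 bob CA failure
2023-10-30T10:30:22 bob CA failure
2023-10-30T10:30:31 bob CA failure
2023-10-30T10:31:10 bob CA success
"""

def parse_log(text):
    """Turn log lines into (timestamp, user, country, outcome) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, country, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, country, outcome))
    return events

def unusual_location_logins(events, baseline_until):
    """Signal: a successful login from a country the user never used before the
    ISO cutoff `baseline_until`. Returns (user, country, time) per such login."""
    cutoff = datetime.fromisoformat(baseline_until)
    known = defaultdict(set)           # user -> countries seen during the baseline
    for ts, user, country, outcome in events:
        if ts < cutoff and outcome == "success":
            known[user].add(country)
    return [(user, country, ts.isoformat())
            for ts, user, country, outcome in events
            if ts >= cutoff and outcome == "success" and country not in known[user]]

def login_spikes(events, window=timedelta(seconds=60), threshold=5):
    """Signal: `threshold` or more attempts by one user inside a sliding `window`.
    Returns one (user, window_start, attempts) alert per user at its first spike."""
    by_user = defaultdict(list)
    for ts, user, _country, _outcome in events:
        by_user[user].append(ts)
    alerts = []
    for user, stamps in by_user.items():
        recent = deque()
        for ts in sorted(stamps):
            recent.append(ts)
            while ts - recent[0] > window:  # drop attempts older than the window
                recent.popleft()
            if len(recent) >= threshold:
                alerts.append((user, recent[0].isoformat(), len(recent)))
                break
    return alerts

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(unusual_location_logins(events, "2023-10-30T10:00:00"))
    print(login_spikes(events))
```

On the sample data the first check flags alice's login from DE after her US-only baseline, and the second flags bob's burst of failed attempts; both are the kinds of events the "Methods of Containment" column tells you to act on (isolate, reset credentials, audit).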