A Cybercrime Typology

Cybercrime is one of the most prevalent forms of crime in the world. It can be defined as the intentional exploitation of computer networks, systems and technology-dependent enterprises. There are different types of cybercrime that include the use of malicious codes to modify data and gain unauthorised access.

Cybercrimes may be categorised into three broad categories: individual, property and government (based on the victim or the purpose of the crime). Within each category of cybercrime, cybercriminals use different levels and types of threats:

  • Individual: This cybercrime category refers to individual actions in the spreading of malicious or illegal information via the Internet and digital applications. Online child exploitation, illegal distribution of pornography and live streaming of child sexual abuse are a few examples of this category of cybercrime.

  • Property: This category is comparable to offline incidents where criminals illegally obtain someone’s else’s bank or credit card information. Property cybercrime comprises online incidents of cybercriminals stealing bank details to acquire money or conducting phishing scams to extract personal information.

  • Government: Despite being the least frequent of these categories, this is considered the most serious cybercrime as it can also be regarded as cyberterrorism. Government cybercrime includes the hacking of government or military websites (against the government) and the distribution of government propaganda (facilitated by the government). In addition, cyberattacks of this nature may escalate into cyberwarfare: military operations in cyberspace crossing international borders.

Moving beyond categories: common types of cybercrime to note

Web attack

A web attack penetrates the computer via the Internet, by exploiting already known or zero-day vulnerabilities.

SQL injection

SQL injection effectively employs malicious codes and manipulates backend databases to access information that is not intended to be displayed. Such information mostly involves private and sensitive data items including user lists and customer details, among others. SQL injections can have devastating long-term effects such as modification of database entries, unauthorised viewing of data or even deletion of entire databases.

Cross-site scripting

Cross-site scripting is another type of injection breach where attackers inject malicious codes into trusted websites and applications. When a user visits an infected web page, the malicious JavaScript code is executed on the user’s browser. This code can be used to steal important information like username and password.

DDoS attack

Distributed denial of service (DDoS) attacks aim at shutting down services or networks and making them inaccessible to the intended users. These attacks overwhelm the target with a lot of traffic and flood it with information that can cause the website to crash. DDoS attacks are targeted primarily at web servers of high-profile organisations, such as governments or trade firms.

Password attack

Password attacks are simply meant to decrypt or even attempt to obtain a user’s password with the help of criminal intentions. Attackers can use dictionary attacks, password sniffers, or even cracking programs in such cases. These attacks are conducted by accessing passwords that are exported or stored in a file.

Eavesdropping attack

An eavesdropping attack is the passive monitoring of a communication and begins with the interception of network traffic. This type of cybercrime is also known as sniffing or snooping. In this type of cybercrime, individuals attempt to steal information that computers, smartphones or other devices receive or send.

Insider threat

Not all of the network attacks are executed by outsiders. Insider attacks are a very common type of cybercrime. They are performed on a network or a system by individuals who have authorised access to the same system, mostly for revenge because their employer dismissed them or because they were selling sensitive classified information.

Man-in-the-middle attack

A man-in-the-middle attack occurs when attackers eavesdrop on the communication between two entities and actively exploit the information gained. This type of cybercrime affects both the communicating parties as the attacker can do anything with the interpreted information.

AI-powered attack

Computer systems are now programmed to learn, and AI-powered attacks mark a new type of cybercrime that is bound to get more sophisticated with time.

AI is employed in many everyday applications with the help of algorithmic processes referred to as machine learning. This software trains computers to perform specific tasks on their own. They can also accomplish these tasks by teaching themselves about obstacles that can potentially hinder their progress. AI can also hack many systems, including autonomous drones and vehicles, and convert them into potentially dangerous weapons. The AI-powered applications can be used for performing cybercrimes such as password cracking or identity theft.

Drive-by attack

Drive-by attacks are used to spread malware through insecure websites. Hackers first look for websites with lesser security parameters and then plant malicious scripts into PHP or HTTP code onto one of the pages. The script can then directly install the malware onto the computer of anyone who visits the site.

Phishing attack

A phishing attack is a social engineering attack used to steal private data such as login credentials or credit card details as attackers pretend to be trusted individuals and trick victims into opening malicious links.

  • Spear phishing attack These attacks are aimed at specific organizations’ data and conducted by individuals who desire unauthorised access. These hacks are executed by individuals who are trying to access specific information such as trade secrets, military intelligence, etc.

  • Whale phishing attack A whale phishing attack is a type of phishing that generally attacks people with high status, such as CFOs or CEOs. It primarily aims at stealing information as these individuals typically have unlimited access and work with sensitive data.


Malware is an umbrella term for a code or program intentionally built to affect or attack computer systems without the user’s consent.

  • PUPs PUPs, short for potentially unwanted programs, are a form of malware that is less threatening than other types of cybercrimes. This type of attack uninstalls the required search engine and pre-downloaded apps in the victim’s systems. Such attacks punctuate the importance of installing antivirus software to prevent malicious downloads.


Ransomware generally blocks victims’ access to their own data and may even delete their data if the ransom is not paid.

Trojan horse

A trojan horse is a type of malicious software program that attempts to disguise itself to appear useful. It appears like a standard application but causes damage to data files once executed.

Teardrop attack

A teardrop attack causes fragmentation in the general sequence of Internet Protocol (IP) packets and sends these fragmented packets to the victim’s machine.

The constantly evolving cyber risks in an Internet of Things (IoT) world and the new extraordinary levels of connectivity immensely transformed the cyber threat landscape. Undoubtedly, combating cybercrime requires a multi-faceted approach that incorporates, but is not limited to, enhanced intelligence and investigation capabilities (such as digital forensics), prevention, legislation and awareness.