Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

Cybercriminal Profiles Don't Always Match Perceptions, Report Says

Dutch study of police data says there are many 'petty' cybercriminals who act alone

The widespread perception that cybercriminals are generally technically skilled and highly organized may not be accurate, according to a new study.

According to a report published in the Dutch-language magazine Second (PDF), cybercrime follows a pattern similar to other crimes in that the majority are carried out by everyday individuals acting alone.

A translated summary of the research published by Host Exploit says that Dutch researchers used police data to come up with a cybercriminal "profile" that differs significantly from the popular perception.

"The commonly held view of a cybercriminal being foreign, having high-tech skills, and operating in organized groups causing large scale problems has come mainly from the media," according to the translated summary. "The researchers found that the evidence they looked at in the Dutch police files did not support that view. The evidence pointed to many 'small' or 'petty' crimes being committed by ordinary individuals operating on their own.

"Cybercriminals can carry out attacks for financial gain, for revenge, or due to relationship or emotional problems, just as in offline crimes," the translated summary states. "But cyberspace offers plenty of opportunity for these acts to be perpetrated."

The researchers emphasize that their cybercriminal "profile" does not suggest that organized cybercrime doesn't exist -- it only suggests that investigators should not begin with the assumption that an online attack has been committed by an organized, tech-savvy criminal.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26246
PUBLISHED: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.