Types of Cybercrime and Different Cyber Warfare Tactics

By Dr. Matthew Loux and Bryce Loux  |  07/29/2025

There are various types of cybercrime that threaten not only our personal computers and other digital devices, but also our sensitive data. In our society, cybercrime affects individuals, businesses, and national security.

As new digital technologies emerge and evolve, cyber criminals find more ways to exploit software, human behavior, and global computer networks. Cybercrime has become increasingly sophisticated. Combating it requires a concentrated, coordinated effort from both private organizations and government entities.

Hacking and Unauthorized User Access

Hacking involves the use of clandestine techniques for gaining access to a computer system, network, or data. Cyber criminals typically hack into electronic devices and computer networks to damage systems, commit fraud, or retrieve sensitive information. Ethical hackers, on the other hand, use their skills to test systems and identify security vulnerabilities to help prevent cybercrime.

Some of the most common targets for cyberattacks are:

• Healthcare databases
• Personal devices
• Corporate servers
• Government systems

Criminals use the information from these targets to conduct cyber espionage or to steal sensitive information they can exploit for profit.

Hackers are commonly categorized into three groups:

• White hat hackers – Ethical professionals who test systems to improve security
• Black hat hackers – Individuals who illegally breach systems for malicious purposes
• Gray hat hackers – Computer experts who operate between ethical and illegal boundaries

The 2017 Equifax data breach was an example of why organizations must take cyberthreats seriously. The breach exposed the private information of 148 million Americans, making them vulnerable to identity theft and sparking public outrage.

In addition to compromising customer data and company data, hackers can disrupt business operations and even pose threats to our country’s security.

Phishing and Social Engineering

Phishing is a cybercrime that tricks individuals into sharing their confidential information through social engineering techniques. Many cybercriminals steal personal information and other sensitive data by sending out emails and text messages with malicious links. Similarly, voice phishing (also known as vishing) is a type of phishing attack that targets victims via phone calls.

Often, phishing scams use scare tactics to pressure victims into acting fast. For example, attackers might claim a victim’s bank account has been flagged for suspicious activity. This type of ruse induces panic and makes people act swiftly.

Urgent requests for sensitive information, links, and even typographical errors are all examples of red flags that might indicate a message is a phishing scam.

Organizations can protect themselves against this type of cybercrime by:

• Training employees to recognize phishing attempts and social engineering tactics
• Implementing email filtering systems
• Reminding workers not to click on links, download files from untrusted sources, and check on the sources of phone calls before providing information
• Educating employees about insider threats and external attackers

Malware and Ransomware Attacks

Some of the most common cybercrimes involve malicious software (also called malware). Malware attacks use malicious code to infiltrate and damage computer systems and can incorporate:

• Viruses (including Trojan horse viruses)
• Worms
• Spyware
• Adware

When someone becomes a malware victim, that allows an attacker to:

• Steal or erase computer data
• Monitor the victim's activity
• Damage files

Ransomware is another type of malicious software. It threatens to encrypt a victim’s files and demands payment in cryptocurrency – a hard-to-trace payment method – for restoration of stolen data. Since the only way to eliminate ransomware is to pay the attacker a ransom, it poses a greater threat than other types of malware.

In recent years, ransomware has become increasingly prevalent. Attackers are now targeting not only individuals, but also corporations – especially hospitals and other infrastructure providers.

Some well-known examples of ransomware attacks include:

• WannaCry (2017) – Affected over 200,000 computers in 150 countries
• Colonial Pipeline (2021) – Disrupted fuel distribution in the U.S. and led to a multimillion-dollar ransom

The results of these attacks are massive financial losses, system downtime, reputational harm, and sometimes legal consequences.

Still, there are steps we can all take to combat malware and ransomware and avoid financial loss. These preventative steps include:

• Reporting emails with suspicious attachments
• Regularly updating systems and applications
• Using antivirus software
• Backing up important data regularly
• Using caution with QR codes that can lead to a fake website with malware

IBM Security reported that the average cost of a ransomware breach was over $4.9 million globally in 2024.

Identity Theft and Financial Fraud

Identity theft takes place when an attacker maliciously acquires personal information to commit fraud. Phishing, malware, and data breaches all make it possible for cyber criminals to steal others’ identities. They use victims’ information to impersonate them and make financial transactions.

Some common fraud schemes include:

• Fraud related to tax refunds
• Loan and mortgage-related fraud
• Credit card fraud

Cyber criminals can trade and sell the stolen information on the dark web. They collect information and sell the data to dark web buyers in bulk.

Account denials, credit barriers, and unfamiliar accounts are all warning signs that your identity may have been stolen. Fortunately, there are multiple ways to protect yourself against identity theft:

• Use strong and unique passwords with uppercase/lowercase letters, numbers, and symbols
• Enable two-factor authentication, especially for accounts connected to financial institutions
• Monitor credit reports
• Freeze your credit when appropriate

Data breaches and identity theft impacts millions of people. In fact, the Identity Theft Resource Center released a report indicating there were over 1,800 data breaches within the United States in 2022 alone.

Cyberstalking, Harassment, and Online Bullying

Cyberstalking and online harassment can involve threatening, intimidating, or emotionally mistreating someone else on digital platforms. Unlike physical stalkers, stalkers in cyberspace can monitor victims from any location and at any time.

Common venues include social media, email, forums, and messaging applications. Offenders may participate in:

• Doxxing (exposing someone’s private information online)
• Blackmail
• Impersonation of a victim
• Spreading false content online

Anxiety, depression, and post-traumatic stress disorder (PTSD) are common, long-term effects of cyber harassment.

However, there are potential legal solutions. Unfortunately, taking legal action is complicated, especially when a cybercrime involves attackers from different states or countries.

Protective measures victims can take include:

• Blocking the offenders
• Saving evidence of offending material through recordings or screenshots
• Reporting illegal incidents to police and social media platforms

Education is also important for mitigating cyber threats and stopping bullying. Schools and employers can help prevent cybercrime by teaching students and workers about responsible online behavior.

Intellectual Property Theft and Piracy

Intellectual property (IP) theft involves the unlicensed use of protected content such as music, videos, software, and patents. Since the advent of digital platforms, IP theft and piracy has become rampant.

Examples of piracy and IP theft include:

• Distribution of copyrighted movies without authorization
• Distribution of computer software without proper licensing
• Reproduction of patentable source codes

Naturally, piracy can lead to immense financial losses for companies, but there are ways to protect IP from cyber criminals.

Digital rights management (DRM) technology, encryption, and watermarks all help to safeguard digital content. Additionally, laws such as the Digital Millennium Copyright Act (DMCA) offer legal protection.

Cyberterrorism, Hacktivism, and Nation-State Attacks

Cyberterrorism attempts to disrupt critical systems such as healthcare facilities, utilities, and defense agencies through politically motivated cyberattacks.

Alternatively, hacktivism involves hacking to expose the perceived wrongdoings of an organization or to advance ideological causes. Although this form of protest is disruptive, it generally steers clear of intentional civilian casualties.

With nation-state cyberattacks, perpetrators launch these attacks to conduct cyber espionage, interfere with elections, or even sabotage critical infrastructure.

Significant examples of cyber terrorism include:

• Stuxnet – Targeted Iranian nuclear centrifuges in 2010
• SolarWinds attack – Exposed sensitive data from public and private organizations, including U.S. federal agencies, between 2019 and 2020

Cyber terrorists pose a significant threat to national security. Accordingly, governments worldwide have begun to increase their investment in cybersecurity. They’ve formed joint defense coalitions, enacted more stringent policies, and published online content to raise general security awareness for the public.

The Cybersecurity and Infrastructure Security Agency (CISA) advocates the importance of global collaboration and maintaining a resilient infrastructure to prevent widespread disruption and illegal activities.

Federal and State Laws Regarding Cyber-Related Crime

As cybercrimes have grown more sophisticated, U.S. federal and state governments have developed a patchwork of laws to address them. These laws address cybercrimes ranging from hacking and identity theft to cyberstalking and online fraud.

Federal Cybercrime Laws

At the federal level, several key statutes form the backbone of U.S. cybercrime policy:

• The Computer Fraud and Abuse Act (1986) is one of the most prominent pieces of legislation surrounding cybercrime. It criminalizes unauthorized access to computers and networks, data theft, and malware-related activities. This legislation has helped to prosecute hackers who breach government or corporate systems. However, critics argue that its broad language sometimes leads to overreach.
• The Electronic Communications Privacy Act (1986) protects electronic communications. It regulates when and how law enforcement can intercept emails, texts, and other digital data.
• The Identity Theft and Assumption Deterrence Act (1998) makes it a federal crime to knowingly use someone else’s identity for unlawful purposes. Offenders face fines and imprisonment, specifically for crimes that involve terrorism or immigration violations.
• The USA PATRIOT Act (2001) allows federal government agencies to monitor and investigate electronic communications, especially any communications related to terrorism or national security threats. Though controversial, it plays a key role in combating cybercrimes.
• The Cybersecurity Information Sharing Act (2015) encourages private companies to share threat information with the federal government to improve national cybersecurity coordination.

The Department of Justice (DOJ), the FBI, and the Department of Homeland Security (DHS) are the primary federal agencies responsible for enforcing cybercrime laws. The DOJ’s Computer Crime and Intellectual Property Section (CCIPS) also plays a central role in high-profile prosecutions.

State Cybercrime Laws

In addition to federal laws, each U.S. state has its own set of cybercrime laws. While most mirror federal statutes, states often address specific local issues such as:

• Cyber harassment and cyberbullying, particularly involving minors or schools
• Unlawful computer access, sometimes with harsher penalties for targeting state systems
• Online impersonation, including catfishing or fake social media profiles

For example, California’s Comprehensive Computer Data Access and Fraud Act criminalizes unauthorized data access and tampering with computer systems. In addition, New York’s SHIELD Act mandates that businesses safeguard private information and requires that companies notify consumers about data breaches.

Because these crimes frequently cross state and national borders, jurisdiction can become a legal hurdle. Local police may need to collaborate with federal agencies or even international partners to pursue offenders.

The Challenges and Future Outlook

Unfortunately, cybercrime continues to challenge authorities. Many cyber criminals operate anonymously or from other countries, so they are beyond the reach of U.S. law. The constantly evolving nature of technology also outpaces legal reforms, creating gray areas, especially in areas like AI-driven scams or cryptocurrency theft.

To address these issues, some legal experts have advocated for updated legislation. Their goals include clearly defining digital offenses, promoting international cooperation, and limiting prosecutorial overreach.

Still, the current legal framework provides essential tools for prosecutors and investigators to combat cybercrime. It also offers victims a path to justice when their lives are disrupted by cyberattacks.

Even so, our country must continue to invest in new technologies to detect, investigate, and prosecute sophisticated cybercrimes. Law enforcement agencies need to routinely update their tools and strategies to protect the public against various types of cyberattacks. Moreover, private tech companies should collaborate with government organizations to help identify threats and protect critical infrastructure against cyber criminals.

Cyber-Enabled Crimes Are Inevitable, But We Can Fight Back

Cybercrime is constantly evolving, and it can take many forms. Phishing schemes, ransomware attacks, identity theft, and acts of cyberterrorism are just some examples of the illegal activities of cyber criminals.

All these crimes adversely affect individuals, companies, and governments. On the positive side, increased awareness, improved security, and robust legislation strengthen our society’s ability to confront these challenges.

As we all do our part to stay informed of new types of cyber threats, we can take proactive steps to protect ourselves and our country. The more we understand about common cybercrimes and corresponding laws, the safer our virtual environment will become.

The B.S. in Criminal Justice at AMU

For adult learners interested in learning more about the role of computer technology in combating crime, American Military University (AMU) offers an online Bachelor of Science in Criminal Justice.

Courses in this program include various topics, including criminal profiling, constitutional law, and criminal law. This degree program also offers a digital forensics concentration. In the courses for this concentration, students will examine the cybercrimes carried out by hackers and other malicious actors who exploit digital infrastructure for illegal purposes and how to prevent attacks.

For more details, visit AMU’s criminal justice degree program page.

Note: These degree programs are not designed to meet the educational requirements for professional licensure or certification in any country, state, province or other jurisdiction. These programs have not been approved by any state professional licensing body and does not lead to any state-issued professional licensure.