Cybercrime losses in the US went up to $4.63 billion during the past four years (2012-2016), reported FBI’s IC3 (Internet Crime Compliant Center) in its Internet Crime Report 2016. $1.4 billion was lost in 2016 alone.
According to an estimate, the actual cybercrime-related losses may be north of $9 billion annual given that only 15% of the US fraud victims report their crimes to law enforcement agencies, say official sources in The Department of Justice.
The report annually published by IC3 also reveals that the most prevalent type of cyber crimes during 2016 were:
- Business email compromise (BEC)
- Tech support fraud
Further, California, Texas, and Florida had the largest number of reported cybercrime victims. Califonia was also the hardest hit with $255 million in terms of reported victim loss.
Types of cyber crimes
I’ve been writing a lot about ransomware during the past few months (it’s the 2nd in FBI’s list of ‘Hot Topics for 2016’). I’m sure when the Bureau publishes 2017 Internet Crime Report, ransomware will be on the top of the list given the number of globally destructive ransomware attacks hacker groups such as Shadow Brokers have mounted in the past few months. However, let’s start with BEC.
IC3 defines BEC as “sophisticated scam targeting businesses working with foreign suppliers and/or businesses who regularly perform wire transfer payments”. The Email Account Compromise (EAC) component of BEC targets individuals who perform wire transfer payments.”
Followed by BEC is ransomware and I’ve covered most of the ransomware attacks that took place in past few months. From Wannacry and Petya to NotPetya and Erebus, there’s been an influx of this money-minting malware. South Korea’s Nayana (a web hosting company) paid a huge ransom of $1.01 million to regain access to its servers and database. IC3 shows the typical ransomware process as follows:
Tech support fraud is also discussed in the report as “when phony tech support companies utilize several different methods to contact or lure their victims“. They use a variety of tactics including cold calls, pop-up or locked screen, SEO, and URL hijacking. The aim is to steal victim’s account credentials and lock devices until they pay ransom to get their accounts unlocked.
What’s The Corporate Sector Doing to Counter Cybercrimes?
We’ve been talking about adopting best practices at a personal level. Backup your sensitive data, avoid using one password for multiple accounts and use three-tiers of security measures and anti-virus software. But, that’s all at an individual’s level and isn’t enough to turn the tide on the cyber gangs.
Sophisticated efforts are underway to use technologies such as artificial intelligence, machine learning, and network-based behavioral analytics to detect malware and suspicious activities. “Businesses set to spend $100bn on protection by 2020,” reported Financial Times. One of the key examples of AI’s application in security and threat analytics is IBM Watson. The company uses its Watson platform to detect cyber threats. “It can reduce the time spent on complex analysis of an incident from an hour to less than a minute,” said Caleb Barlow, vice-president of threat intelligence for IBM Security.
And, we know that speed matters a lot in cyber crimes. If your machines, networks or devices are harder to get by for the hackers, they’ll likely spend their energy and resources on low-hanging fruit in the form of systems and networks that are highly vulnerable and contain several exploits.
Where’s The Government?
And then there are efforts that federal agencies are making to spot and counter cyber criminals, from gangs to non-state actors. Take for example FBI that is brushing up its agents and personnel capabilities in cyber crime prevention.
Todd Carroll of the FBI’s Chicago field office advises businesses to trust FBI local offices and call them whenever possible in the company’s internal meetings to discuss data breach and other cyber incidents the company might have faced.
A rather bland talk but you might spot a few useful tips in the interview below if you run a business and might want to know how you can work with FBI to prevent or react to cyber attacks.