FBI Highlights BEC, Tech Support Scams, Ransomware Concerns

  /     /     /  
Publicated : 22/11/2024   Category : security


FBI Highlights BEC, Tech Support Scams, Ransomware Concerns


The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.



Nearly $8 million was lost among victims of tech support scams, which exceeded 10,000 in 2016. Its one of last years major fraud categories, along with business email compromise (BEC), ransomware, and extortion.
These numbers come from the FBIs Internet Crime Complaint Center (IC3), which recently published its
2016 Internet Crime Report
. In the past year, the IC3 received 298,728 complaints with reported victim losses of more than $1.3 billion.
Its worth noting the IC3 states only about 15% of fraud victims in the United States report their crimes to law enforcement -- a small subset of the worlds cybercrime targets.
The IC3 monitors BEC and Email Account Compromise (EAC) scams as a single crime type, acknowledging how the two have become increasingly similar. In BEC attacks, the attacker gains control over an executives email and uses the account to steal money from the business.
BEC does not always involve transferring funds. In 2016, the IC3 discovered, these attacks evolved to include the compromise of legitimate business email accounts and requests for employees personally identifiable information (PII) and W-2 forms.
In the last year, the IC3 received 12,005 BEC/EAC complaints amounting to more than $360 million in losses, making this the most expensive crime type by more than $1 million. Most victims of BEC/EAC are based in the US and may be hired to illegally transfer funds for others.
Earlier this year, the FBI issued an alert for the
rise of BEC attacks
and stated the average loss is $140,000 per incident. Researchers at Proofpoint found a 45% increase in email account compromises and email-account spoofing (in which an attacker creates an email account similar to that of the account holder) between October and December 2016.
With more than $360 million lost in 2016, which is in addition to the billions already lost over the years, you would think that organizations would be more vigilant about defending their organizations against negligent insiders, says Christy Wyatt, CEO of Dtex Systems, noting how these scams have consistently proven successful for threat actors.
Businesses can make it tougher for cybercriminals to succeed by implementing a system of checks and balances for transferring money that goes beyond email authorization. They should also have insight into employee behaviors that can lead to security issues, and plan to address problems before they have major consequences.
 
Ransomware was another hot topic in the IC3 report. The organization received 2,673 ransomware complaints, which amounted to losses exceeding $2.4 million, in 2016.
While ransomware has been top-of-mind for security leaders following the massive WannaCry attack, it has been a growing cybercrime concern for far longer. Threat actors dont need to be technically advanced to launch potentially devastating attacks.
Its a low barrier of entry to a highly effective attack, says John Pironti, president of IP Architects. You dont have to be a sophisticated attacker to be effective now.
Basic security hygiene like access control management, patching and hardening systems, and monitoring traffic are all necessary to defend against ransomware he says. Nobody wants to do it because its not fun, he adds, but these steps are critical.
Research from
Kaspersky
indicates a rise in competition among ransomware actors, who are varying their techniques to remain effective. More threat actors are turning their attention to target ransomware attacks against businesses and specifically targeting financial organizations.
Experts anticipate ransomware on PCs will increase, albeit at a slower growth rate. Attacks are becoming increasingly targeted as cybercriminals recognize the profit gained from hitting businesses as opposed to individual users.
IC3 also put the spotlight on tech support scams, in which the attacker pretends to be associated with a software or security company and offers technical support. They obtain funds by taking control of the victims device for ransom, installing viruses on the target device, accessing computer files containing personal data, or threatening to destroy the machine.
Last year the IC3 received 10,850 tech support fraud complaints amounting to losses exceeding $7.8 million.
The IC3 states older victims are most vulnerable to tech support scams; however, other research indicates targets are increasingly younger. A study of 1,000 adults, by Microsoft and the National Cyber Security Alliance (NCSA), found 17% of victims who engaged with fraudsters were older than 55, and 50% were between the
ages of 18 and 34
.
Related Content:
Recovering from Bad Decisions in the Cloud
$12B in Fraud Loss Came from Data Breach Victims in 2016
8 Hot Hacking Tools to Come out of Black Hat USA
WannaCry? You’re Not Alone: The 5 Stages of Security Grief

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns