WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 18, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
On February 11th, we were treated to an early surprise: The US Federal Bureau of Investigation (FBI) released its Internet Crimes Complaint Center (IC3) report for 2019. The IC3 report is published yearly and goes over cybercrime threats and trends as reported to the FBI. I sat down with Rick and Harrison to record a quick ShadowTalk episode on this year’s report. Check out the full episode here:
In 2019, the FBI responded to over 460,000 complaints and observed estimated losses of over $3.5 billion across all instances of reported cybercrime. In comparison, there were over 350,000 complaints and $2.7 billion in losses, as reported in the previous year’s 2018 IC3 report. That’s a 33% increase in the number of reports and a 30% increase in total reported losses from 2018 to 2019. Our coverage from previous years can be found here.
IC3 statistics showing an increase in reports and reported losses since 2011
There is a significant increase from 2018 to 2019, but how exactly have things changed? This blog covers the main highlights from the 2019 IC3 report, but like last year, I encourage you to download and read the full report. Again clocking in at only 28 pages, it’s light reading compared to some other federal reports and provides excellent insight into cybercriminal activity with real-world examples as witnessed by the FBI.
To the surprise of absolutely no one, business email compromise (BEC) attacks comprise the highest amount of reported financial loss for the fifth year running – ever since the FBI included it in the breakdown of crime types/losses reported in 2015.
In 2019, financial losses as a result of reported BEC attacks resulted in a whopping total of $1.8 billion. To put that into perspective, that’s more than the combined total of losses from all reported cybercrime in 2017’s report. In 2019, the second most lucrative attack technique was reported as confidence fraud/romance spoofing, which, in comparison, sits at a paltry $475 million. The number of individual reported BEC attacks were less than some other attack techniques, not even making the top five. However, this is to be expected: BEC attacks are inherently more targeted and not nearly as widespread as other, more common attack types like phishing (See our latest piece on The Ecosystem of Phishing). It also speaks to the sheer profitability of BEC: Just one attack can result in the theft of millions of dollars. Significant trends from 2019 highlighted by the FBI include an increase in BEC attacks explicitly targeting the diversion of payroll funds. Successful BEC attacks can result in hefty financial losses; organizations should ensure that staff members are trained on how to identify and report popular social engineering attempts that can result in BEC.
Phishing attacks, which also include vishing (phishing over the phone), smishing (phishing via SMS), and pharming (redirecting traffic to a malicious website), were by far the widest-reaching. The FBI reported over 110,000 victims in 2019. By nature, the majority of phishing attacks are designed to be indiscriminate and extensive. This also explains why financial losses caused by phishing attacks rank low compared to other attack techniques, coming in at 14th place. $58 million in damages is by no means small, and it’s still a 20% increase from last year.
It’s important to note that in many cases, phishing can serve as the first portion of an attack. For example, phishing can be used to facilitate BEC, which in turn leads to financial loss. The popularity of all-in-one kits that include templates and even the technical infrastructure needed to distribute emails en masse means that the barrier to entry can be much lower than other attack techniques.
Phishing statistics from our latest post on The Ecosystem of Phishing
Phishing can affect companies of all sizes and in all sectors; in addition to security awareness training, organizations should ensure that email filters are configured to prevent phishing emails from reaching employee’s inboxes.
For more information on the technical elements of email phishing, check out Digital Shadows (now ReliaQuest)’ Security Practitioner’s Guide to Email Spoofing and Risk Reduction. We also recently published a guide that provides an in-depth overview of the phishing ecosystem: The Ecosystem of Phishing.
For all complaints that include a victim age, the IC3 report breaks down the distribution of overall reported financial loss for various age ranges. Typically, individuals over the age of 60 comprise the highest total of victim count. In 2019, over 68,000 complaints concerned victims over the age of 60; this year’s report contained an entire section dedicated to fraud schemes against elders. This (sadly) makes sense: Cybercriminals typically view individuals in this age range to be more likely to fall victim to fraud and social engineering schemes.
But what caught my eye in this year’s report was a seemingly disproportionate impact on victims under the age of 20, especially when compared with previous years. In 2019, the IC3 received just over 10,700 reports from victims in this age bracket, which is in line with the victim counts for this group in previous years. However, the total loss for victims under the age of 20 was reported as over $420 million. On a loss per victim scale, that’s $39,000 per victim, over three times as much as the loss per victim of the second most impacted age bracket. $420 million is a 3,255% (yes, you read that correctly) increase from 2018, where victims under the age of 20 only had a total loss of about $12.5 million. It’s possible these numbers were skewed by a small amount of extremely high-value thefts, caused by reporting inconsistencies or are the result of behind the scenes recategorization of the IC3’s data models. Regardless, it’s currently unclear why these values are so disproportionately high, especially when compared to previous years.
Victims by age group comparison between 2018 and 2019
2019 was a big year for ransomware, particularly in the US. We saw the fall of GandCrab, a wildly popular (and purportedly profitable) ransomware-as-a-service, the subsequent rise of the more sophisticated Sodinokibi, and persistent attacks against small- to medium-size public sector organizations with variants like Ryuk. There is also an emerging trend of the “pay or get breached” model of ransomware attacks, popularized by threat groups such as Maze. In these attacks, ransomware operators steal the victim’s data before encryption, and publicize the names and/or the data of targeted companies that refuse to meet ransom demands. Organizations should have incident response plans in place that account for this new model of ransomware attack.
Contrary to what you may be led to believe based on the swathe of media reports on ransomware attacks over the past year, ransomware sits relatively low in the IC3 chart, both in victims and financial losses. In 2019, the FBI reported approximately 2,000 victims and almost $9 million in total reported losses. But these numbers should not be taken for face value: The FBI notes that these numbers are likely artificially low. The reported financial loss does not account for additional costs that result from a ransomware attack, such as business loss during system downtime or payments to third-party remediation providers. Additionally, the reported financial losses only consist of what was directly reported to the IC3 and do not include any reports made to local field offices or agents.
Of note, the FBI has added guidance for organizations affected by ransomware, explicitly advising them not to pay ransom demands. However, they do also caveat this with an understanding that in crisis scenarios, affected organizations will evaluate all options to protect their shareholders, employees, and customers.
Last year, the FBI established its dedicated Recovery Asset Team (RAT) to open more direct communication channels with financial institutions to help assist in the recovery of funds for victims involved in BEC schemes. In their first year, RAT reportedly assisted in the recovery of over $300 million from online scams, claiming an impressive 79% success rate. This year, the IC3 created the Recovery and Investigative Development (RaID) Team to partner with financial and law enforcement investigators to dismantle money mule organizations. RaID oversees both RAT and the Money Mule Team (MMT), which was created to specifically perform analysis and research on previously unknown targets to develop new investigations.
If there’s one thing to take away from all this, it’s that cybercrime will continue as long as money can be made: It would be surprising if next year’s report shows a decrease in reported losses.
If you want to hear more from us, check out our ShadowTalk episode on your favorite podcast player, or listen here. Otherwise, feel free to download and read the full IC3 report here.