While ransomware remains one of the most talked about cyber issues targeting enterprises, business email compromise (BEC) has remained the largest source of financial losses according to the FBI’s Internet Crime Center (IC3) – with losses totalling $2.4 billion in 2021. When grouped with ransomware and cryptocurrency theft, BEC and these other crimes led to Americans losing $6.9 billion last year compared to $4.2 billion in 2020. Complaints about cybercrime losses are up 7%.
Initially, BEC scams spoofed or hacked a business email account of someone with senior ranking in the organisation and then instructed someone more junior to transfer funds to the scammer’s bank account. Many of these scams seemed to target real estate companies. Today, scammers are using virtual meeting platforms to spoof credentials and hack emails and then initiate fraudulent money transfers which are immediately transferred to cryptocurrency wallets and then rapidly dispersed. This makes the investigation and recovery efforts much more difficult.
During these virtual meetings, fraudsters are using pictures of the company’s CEO with no audio, or deep faking the audio, and sometimes even the video, using AI while the scammers claim there is some issue with their connection. Despite ransomware attacks grabbing the most headlines, these attacks amounted to losses of around $50 million in comparison to BEC losses of $2.4 billion. However, there has been an increase in “high-impact” ransomware attacks on critical infrastructure operators in 2021 based on data provided by the FBI, NSA, and agencies in the UK and Australia. ‘Ransomware-as-a-service’ is also trending as hackers provide negotiation services and brokers to gangs.
The healthcare, financial services, and IT sectors were the most frequently targeted for ransomware attacks last year according to IC3 and it expects a larger number of complaints this year, but doesn’t recommend paying ransoms. New US legislation requires critical infrastructure operators to report hacks and ransomware attacks to CISA instead of the FBI.
It has been estimated that cyber criminals have washed over $8 billion of cryptocurrency last year, typically using mixers or tumbler software to split the large sums and blend it with other transactions before forwarding the amounts to new addresses.
No comments:
Post a Comment