In March 2023, the FBI released the IC3’s 2022 Internet Crime Report. The report reveals that the U.S. government agency received more than 800,000 cybercrime-related complaints in 2022 and reported total losses of over $10 billion.
The report indicates that the top five types of cyber-related crimes last year were phishing, personal data breaches, non-payment/non-delivery scams, extortion, and tech support scams.
Looking into these findings in more detail, for Digital Journal, is Anand Raghavan, Co-founder and Chief Product Officer at Armorblox.
Raghavan begins by putting the number of identified issues in context: “The FBI’s 2022 IC3 Report shows that while reported complaints have seen a slight decrease in 2022 compared to 2021, reported financial losses have significantly increased, jumping from $6.9 billion in 2021 to over $10 billion in 2022.”
On the consequences of these financial losses, Raghavan notes: “Unfortunately for the victims, this trend also means that the average loss per complaint is much greater than what has historically been seen over the previous 5 years. Half of these reported losses resulted from investment fraud and Business Email Compromise (BEC) attacks – both of which more than doubled in 2022 and increasingly involved investment accounts over banking accounts – followed by ransomware attacks.”
BEC is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam.
This leads Raghavan to address the primary attack mode: “With phishing remaining the most prominent crime type, and with email continuing to be the most popular attack vector for phishing, it is clear that more needs to be done to protect our nation’s critical infrastructure, enterprises and citizens against these threats.”
Raghavan is critical of the report for not providing suitable advice, observing: “Where the IC3 report falls short is in making effective security recommendations to protect against the evolving sophistication and techniques of ransomware attacks, BEC, and data loss.”
Raghavan acknowledges: “The FBI recommends implementing user training and phishing exercises to raise user-awareness of these dangers.”
However, says Raghavan: “We know that user-training alone comes with serious shortcomings and organizations should not rely solely on this method to protect their organization. That is why implementing advanced email security solutions that can detect these types of threats is paramount.”
In terms of other threats, Raghavan states: “We also know that these attacks will only become harder to detect as bad actors gain access to tools such as deep fake libraries, ChatGPT 4.0, and Ransomware-as-a-Service (RaaS) kits.”
This leads Raghavan to conclude: “That’s why cybersecurity professionals responsible for organizational security and safeguarding customer data should look to adopt tools that utilize advanced technologies such as AI, ML, and large-language models to more accurately protect against these types of harmful attacks.”
