Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


2/12/2020
04:45 PM

FBI: Business Email Compromise Cost Businesses $1.7B in 2019

BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.

Business email compromise (BEC) attacks cost organizations an estimated $1.77 billion in losses in 2019, reports the FBI, which received a total of 23,775 complaints related to this threat.

The FBI's Internet Crime Complaint Center (IC3) this week released its "2019 Internet Crime Report," which digs into cybercrime trends throughout the year. In 2019 the IC3 received 467,361 complaints, which cost organizations $3.5 billion overall – up from $2.7 billion in 2018.

The most frequently reported complaints relate to phishing and similar attacks, non-payment/non-delivery scams, and extortion, officials say. But the most expensive complaints are related to BEC, romance or confidence fraud, or copying the account of a person or vendor to collect personal or financial data about a victim familiar with them, according to the report.

BEC attacks, also known as email account compromise (EAC), are constantly evolving as adversaries become more sophisticated. Back in 2013, scams often started with the spoofing of a CEO's or CFO's email account. Fraudsters sent emails appearing to come from these execs to convince employees to send wire transfers to fake accounts.

Since then, BEC has evolved to include the compromise of personal and vendor emails, spoofed lawyer email accounts, and requests for W-2 data. Attackers often target the real-estate sector and/or make requests for expensive gift cards. In 2019 IC3 saw an increase in BEC complaints related to the diversion of payroll sums: Attackers send a fake email to a human resources or payroll department requesting an update to a specific employee's direct deposit information.

Gift card attacks are especially popular toward year's end. In the fourth quarter of 2019, they made up 62% of all BEC attacks, Agari researchers point out in their Q1 2020 "Email Fraud and Identity Deception Trends" report, published today. The weeks leading up to the holidays are prime for gift card fraud because attackers can target any department, not just HR or payroll. In the last three months of 2019, gift cards requested in BEC scams averaged more than $1,600, according to Agari.

"The attackers are looking for new sources of revenue from people," says Erich Kron, security awareness analyst at KnowBe4. "For example, instead of just going after wire transfers, something that people are becoming aware of, they have changed to redirecting paychecks to different accounts or getting people to purchase a large number of gift cards, then having them send the card numbers and information under the guise of an executive rewarding employees or thanking vendors."

Kron also points to a rise in hybrid attacks in which a victim receives an email making a request and simultaneously receives a text message from a spoofed number designed to seem like the same person, saying they sent an email. It's a highly targeted but effective technique, he says, and it's less commonly known than wire transfers. Victims trust the second request source.

Agari also noticed a rise in impersonation attacks. Phishing and BEC attacks impersonating specific people reached 32% between October and December 2019, up from 12% in the second quarter. Now these threats are around the same level as brand impersonation (36%).

Other Forms of Cybercrime to Watch

The IC3 reports cases of "elder fraud," or financial schemes that target or disproportionately affect people over 60, are increasingly common. They may be the victims of investment fraud, romance scams, tech support scams, or government impersonation fraud. In 2019 the IC3 received 68,013 complaints from elderly victims, with adjusted losses exceeding $835 million.

Tech support scams, in which a criminal poses as a technical pro to defraud victims, are a growing problem on their own. The IC3 received 13,633 complaints related to tech support fraud in 2019 from victims across 48 countries, with losses amounting to more than $54 million.

Then there is ransomware, another type of cyberattack undergoing evolution as attackers grow increasingly sophisticated. In 2019 the IC3 received 2,047 complaints identified as ransomware, with adjusted losses of more than $8.9 million. It urges victims to not pay ransom to attackers.

A variety of new techniques are helping attackers bypass security tools and launch successful ransomware campaigns, says Tal Zamir, founder and CTO at Hysolate. They target non-email applications like Slack, WhatsApp, and Teams, as well as existing vulnerabilities in antivirus products. Attackers are also known to build fileless malware designed to slip past endpoint security agents. User devices have a huge code base for attackers to target, including the operating system code and middleware.

"Losses will continue to increase as ransomware becomes more sophisticated and can cause greater harm," says Zamir. "If in the past ransomware was limited to encrypting local files and demanding a ransom for decrypting, next-generation ransomware might automatically leak some of the data to show the potential damage or even go further and encrypt or leak data in cloud systems that aren't available locally on the endpoint."


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Blog@123
User Rank: Apprentice
2/19/2020 | 11:43:02 PM
Cyber security
This post by Kelly is such an eye-opener to understanding all the cybersecurity problems. It is very crucial to be careful about what is happening around us on the internet. Blind belief and sharing of personal data must be restricted and monitored. There are numerous cyberattacks, and most of them are mentioned here. Thank you for the information and tips to handle such issues.