Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report

By James Turgal, Vice President of Cyber Risk, Strategy and Board Relations, Optiv

The FBI recently released its annual Internet Crime Report for 2023, based on complaints received by the Internet Crime Complaint Center (IC3). The report paints a concerning picture of the cybersecurity landscape in the United States. With a record-breaking 880,418 cybercrime complaints filed in 2023, resulting in potential total losses that exceeded $12.5 billion, the need for a collective effort to strengthen national cybersecurity defenses is more critical than it’s ever been.

The 880,418 complaints represent a nearly 10 percent increase in complaints received, and the $12.5 billion represents a 22 percent increase in losses suffered, compared to 2022. As alarming as these figures appear, the real numbers are likely much higher, because many victims of cybercrime don’t report to authorities. For instance, the FBI’s report cites the Hive ransomware group and the fact that about 20 percent of Hive’s victims reported their incidents to law enforcement. If that 20 percent figure held across the board, it would mean that there were more than 4.4 million cyber incidents in the past year. That number is simply too high.

Diving deeper into the report, there are several key areas that demand more attention if we want to bring cybercrime numbers down in 2024.

Investment Fraud Leads the Pack

Investment fraud emerged as the report’s most damaging cybercrime in 2023. Losses surged 38 percent to a whopping $4.57 billion, highlighting a troubling rise in sophisticated financial scams. This dwarfs all other cybercrimes tracked by the IC3. Business Email Compromise (BEC) scams resulted in $2.9 billion in losses, while tech support scams disproportionately impacted the elderly, resulting in $924 million in losses. Though overall losses were lower for tech support scams, the impact on individual victims, especially those with limited technical knowledge, can be devastating.

To combat these issues and improve numbers moving forward, we need a targeted approach. Investment awareness campaigns for younger adults, cybersecurity training for businesses, and tech-support literacy initiatives for seniors are crucial. Collaboration between law enforcement, financial institutions, and cybersecurity experts is also essential to disrupt fraudulent operations and hold attackers accountable. Most importantly, we all must remember that if anything seems too good to be true, it probably is. No matter the situation, it’s always better to take your time and ask people you trust before giving away your personal information.

Ransomware Back on the Rise

Following a brief period of decline in 2022, ransomware attacks came roaring back in 2023, with a 74 percent increase in reported losses ($59.6 million) and an 18 percent increase in complaints reported (2,825). These significant increases underscore the growing sophistication of cybercriminals who are exploiting a growing number of vulnerabilities for substantial financial gain. Specifically, the FBI has observed emerging trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate.

Ransomware’s resurgence demands a multi-faceted defense. Organizations must prioritize layered security, implementing robust controls across email, network, data, and endpoint protection. Breaking down security silos and integrating tools with an XDR platform is essential. This holistic view allows for a deeper understanding of attacker tactics, including emerging trends like double extortion and multiplatform threats. Frameworks like MITRE ATT&CK can further pinpoint vulnerabilities, while monitoring for activity associated with common attacker tools helps detect suspicious behavior. Furthermore, regularly analyzing lessons learned and adapting your security controls is crucial for staying ahead of evolving threats.

Phishing Remains Relentless

While phishing came in 21st on the list of most lucrative crime types, with losses totaling $18.7 million, it was once again the most prevalent cybercrime overall, with nearly 300,000 complaints to the IC3 in 2023. This was almost five and a half times the number for the second most common complaint – personal data breaches.

This highlights the constant threat that phishing poses due to a general lack of cybersecurity awareness. We can all be vigilant by clicking with care and staying wary of suspicious emails, texts, and messages on social media, no matter where we are. To fortify our defenses, public awareness campaigns and education are key. Regular training programs can equip individuals and organizations alike to identify phishing attempts. Organizations should also leverage eLearning courses and run simulated phishing exercises to further train their employees and keep phishing top of mind. Additionally, implementing multi-factor authentication adds an extra security layer that can make a big difference. Working together – individuals, organizations, and cybersecurity experts – we can significantly reduce the effectiveness of phishing attacks.

Looking Ahead

The FBI’s report highlights the growing threat of cybercrime, but it doesn’t have to define our future. By paying closer attention to the biggest threats, prioritizing cybersecurity awareness campaigns, fostering collaboration between public and private sectors, and implementing robust security measures, we can begin to turn the tide. Let’s make 2024 the year we collectively outsmart cybercriminals and create a safer digital landscape for everyone.

James Turgal is the former executive assistant director for the FBI Information and Technology Branch (CIO). He now serves as Optiv Security’s vice president of cyber risk, strategy and board relations. James has personally helped many companies respond to and recover from ransomware attacks and is an expert in cybercrime, cyber insurance, cybersecurity, ransomware and more. James draws on his two decades of experience investigating and solving cybercrimes for the FBI. He was instrumental in the creation of the FBI’s Terrorist Watch and No-Fly Lists.