Ransomware And BEC Attacks Among Top Threats Highlighted In FBI’s 2022 Internet Crime Report

According to the 2022 Internet Crime Report released by the FBI, losses due to cybercrime have surged by 49% to $10.3 billion in the current year, despite a 5% decline in the number of complaints received. In the past five years, the total loss due to cybercrime has exceeded $27.6 billion, with more than 3.26 million complaints received by the FBI’s Internet Crime Complaint Center (IC3).

Established in 2000, the IC3 serves as a crucial component of the FBI’s mission to combat cybercrime, which poses a growing threat in our interconnected world. It serves as a platform to receive and evaluate complaints related to various types of cybercrime such as online fraud, hacking, and identity theft. The main goal of the IC3 is to offer a dependable and user-friendly system for the public and its collaborators to report suspected cyber-enabled criminal activity. After receiving complaints about suspected cybercrime, the IC3 analyzes and shares the collected information for investigative and intelligence purposes, enabling the FBI to track and identify emerging trends in cybercrime, conduct investigations, and freeze stolen funds in some cases. The IC3 has received more than seven million complaints since its establishment, providing significant insights to the FBI and its associates to better safeguard the public against the detrimental consequences of cybercrime. In order to increase awareness of its mission to prevent cybercrime, the IC3 produces an annual report on public trends and regularly shares intelligence reports about cybercrime trends.

Ransomware attacks, one of the most talked-about types of cybercrime, have decreased by 36% year-over-year, from 3,729 complaints in 2021 to 2,385 complaints in 2022. However, the FBI warned that ransomware remains a significant threat, particularly to the healthcare sector. Healthcare organizations filed 210 ransomware complaints with the IC3 in 2022, a surge from 148 complaints in 2021. The IC3 noted that LockBit, ALPHV/BlackCat, and Hive were the top ransomware strains affecting critical infrastructure in 2022. Although Hive had previously been associated with healthcare ransomware attacks, the Department of Justice (DOJ) has taken action to shut down the group. The FBI also observed a surge in ransomware double extortion strategies, in which payment is required for stolen data in addition to file encryption to obtain decryption keys and prevent data sale or publication.

Although some cybercriminal groups have shifted to extortion-only tactics involving ransom demands and data theft without file encryption, the number of reported extortion attacks remained relatively unchanged, increasing slightly from 39,360 in 2021 to 39,416 in 2022. Phishing continues to be one of the most frequent attack methods, with the number of reported phishing attacks decreasing by 7% year over year to 300,497 incidents. However, phishing still remains the most common type of cybercrime in terms of victim count, preceding personal data breaches and non-payment/non-delivery crimes.

In 2022, BEC attacks ranked 9th in terms of complaints but ranked 2nd in reported losses, resulting in $2.7 billion lost to BEC attacks. Although the number of BEC attacks rose by 9% year-over-year, the losses from these scams declined by nearly 14.5%. Investment scams topped the list of cybercrimes in terms of reported losses, with $3.3 billion in losses, a 127% increase from 2021. Additionally, the FBI witnessed an unprecedented surge in crypto investment schemes in 2022, both in terms of losses and victim count. Tech support scams also saw a significant increase, rising to 3rd place in losses, with 32,538 complaints in 2022, up 36% from the previous year.

The FBI strongly advises the public to report any instances of cybercrime, as the IC3 plays a crucial role in collecting intelligence and data on cybercrime. By reporting incidents of cybercrime to the FBI’s IC3, the public can assist in linking complaints, investigating reported crimes, tracking trends and threats, and freezing stolen funds in some cases. The IC3 has received over seven million complaints to date, providing valuable data that helps the FBI and its partners better protect the American people from the harmful effects of cybercrime.

It’s also crucial for individuals and organizations to take proactive measures to protect themselves from cyber threats. This includes implementing strong passwords, two-factor authentication, and keeping software and systems up to date with the latest security patches. Organizations should also provide training to employees on cybersecurity best practices and have an incident response plan in place in case of a cyber attack. With losses totaling $10.3 billion in 2022, it’s more important than ever to be vigilant against cyber threats and to report any incidents to the IC3. By working together and reporting incidents of cybercrime, we can all contribute to making the digital world a safer place.