Solutions
Go Back

Make Security Possible

Reduce Alert Noise and False Positives

Boost your team's productivity by cutting down alert noise and false positives.

Automate Security Operations

Boost efficiency, reduce burnout, and better manage risk through automation.

Dark Web Monitoring

Online protection tuned to the need of your business.

Maximize Existing Security Investments

Improve efficiencies from existing investments in security tools.

Beyond MDR

Move your security operations beyond the limitations of MDR.

Secure with Microsoft 365 E5

Boost the power of Microsoft 365 E5 security.

Force-Multiply Your Security Operations

Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Security Operations Platform
Go Back

The GreyMatter Platform

Detection Investigation Response

Modernize Detection, Investigation, Response with a Security Operations Platform.

Threat Hunting

Locate and eliminate lurking threats with ReliaQuest GreyMatter

Threat Intelligence

Find cyber threats that have evaded your defenses.

Model Index

Security metrics to manage and improve security operations.

Breach and Attack Simulation

GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.

Digital Risk Protection

Continuous monitoring of open, deep, and dark web sources to identify threats.

Phishing Analyzer

GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.

Unify and Optimize Your Security Operations

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Explore the GreyMatter Platform
Resources
Go Back

Resources

Blog

Company Blog

Case Studies

Brands of the world trust ReliaQuest to achieve their security goals.

Data Sheets

Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.

eBooks

The latest security trends and perspectives to help inform your security operations.

Industry Guides and Reports

The latest security research and industry reports.

Podcasts

Catch to the latest cybersecurity perspectives, tutorials and industry discussions with various guest speakers.

Solution Briefs

A deep dive on how ReliaQuest GreyMatter addresses security challenges.

Threat Advisories

The latest threat research report from ReliaQuest Photons research team.

Upcoming & On-Demand Webinars

Upcoming and on-demand webinars addressing the latest challenges and solutions security analysts must know.

White Papers

The latest white papers focused on security operations strategy, technology & insight.

Videos

Current and future SOC trends presented by our security experts.

ReliaQuest Resource
Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

We bring our best attitude, energy and effort to everything we do, every day, to make security possible.

Executive Leadership

Security is a team sport.

Careers

Join our world-class team.

Press and Media Coverage

ReliaQuest newsroom covering the latest press release and media coverage.

Become a Channel Partner

When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.

Contact Us

How can we help you?

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

Generic selectors

Exact matches only

Exact matches only

Search in title

Search in title

Search in content

Search in content

Search in excerpt

Post Type Selectors
Hidden

Hidden

Hidden

Hidden

Back to blog

FBI IC3 2020: Cybercrime Causes $4.1 Billion in Losses

admin 18 March 2021

Threat Intelligence

On March 17th, the Federal Bureau of Investigation (FBI) published its 2020 Internet Crimes Complaint Center (IC3) report. This report can be found here and provides a glimpse into the types of cybercrime reported to the FBI and the prominent trends observed by this law enforcement agency. Having an annual threshold to compare the size and impact of cybercrime across the years is a handy tool to monitor how the threat landscape evolves. And the stats for 2020 are merciless.

In 2020, IC3 received 791,790 complaints from the American public, resulting in a total of reported losses exceeding $4.1 billion. That’s 69% more than the previous year. Interestingly enough, Business E-mail Compromise (BEC) schemes accounted for almost half of the annual reported losses ($1.8 billion), followed by phishing scams and ransomware incidents. The COVID-19 pandemic also impacted the threat landscape, with unemployment and tax frauds reigning undisputed. Let’s now dive into the report and see how these threats are shaping the cybersphere.

*Quick stats from this year’s report highlighting cybercrime’s development*

Cybercrime in 2020 Shaped by COVID-19

To the surprise of absolutely no one, the COVID-19 pandemic was the main protagonist of last year. Throughout 2020, the IC3 received over 28,500 complaints related to COVID-19; primarily complaints associated with fraudsters targeting the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), a plan envisioned to support small businesses during the pandemic. Here at Digital Shadows (now ReliaQuest), we discussed some of the main tactics used in unemployment and tax relief fraudulent schemes in our recent posting Targets And Predictions For The COVID-19 Threat Landscape.

According to the IC3 report, one of the most prevalent schemes seen during the pandemic has been government impersonators reaching out to individuals through social media, emails, or phone calls. With many individuals spending more time online and becoming easily excited about COVID-19 updates and resources, click-through rates on malicious links undoubtedly soared. This factor enabled threat actors to extract valuable personal identifiable information (PII) and financial information from these phishing campaigns. Unsurprisingly, scammers also leveraged the vaccine rollout processes to lure victims into opening malicious links. However, we’ve stopped being surprised when it comes to fraudsters exploiting important events for nefarious purposes.

*Coronavirus Tax Relief and Economic Impact Payments fraud on Exploit Forum*

Business Email Compromise Increased Significantly

In the words of Digital Shadows (now ReliaQuest)’ CISO Rick Holland, “BEC just doesn’t get the attention it deserves.” In 2020, the IC3 handled almost 20,000 Business Email Compromise (BEC) complaints with a whopping estimate of over $1.8 billion in losses. The IC3 report claims that BEC schemes have significantly evolved over the past years, and they are now more sophisticated and targeted than ever before. According to Interpol, criminals use BEC scams to leverage social engineering tactics to gain sensitive information about corporate payment systems and then deceive company employees into transferring money into their bank accounts. An example of this trend is using stolen IDs to set up fraudulent bank accounts. Threat actors then use the bank accounts and transfer stolen money to their cryptocurrency wallets.

Tech Support Calls Fraud and Defrauding the Eldery

One particularly vicious technique highlighted by the IC3 reports concerns Tech Support Frauds. According to the FBI, “this scheme involves a criminal claiming to provide customer, security, or technical support or service to defraud unwitting individuals.” Criminals impersonate representatives from various well-respected institutions and convince their victims to make wire transfers to overseas accounts. This kind of fraud is a growing problem worldwide, with victims in 60 countries reporting these schemes to the FBI and estimates highlighting a 171% increase in losses from 2019.

One of the most pernicious aspects of this fraud is that most victims— two-thirds of them, to be precise—are reported to be over 60 years of age and experienced approximately 84% of the losses (over $166 million). That number is too significant to be left unaddressed. Digital security should be a priority for our society as we move towards an ever interconnected way of life. Empowering the elderly to prevent themselves from falling victim to frauds and cybercrime will be central in the coming years. Consequently, the Department of Justice and the FBI partnered to create the “Elder Justice Initiative” to grant everybody this right.

*Breakdown of the 2020 victims reported to IC3 by age group*

Don’t Worry, Ransomware Has Its Own Section Too

It should come as no surprise that one of the main threats observed by the IC3 in 2020 was ransomware. Our reporting about the evolution of ransomware in 2020 highlighted the severe danger caused by these operations, and the FBI just confirmed that.

In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million.

When I saw this number, I was surprised as it looked significantly lower than the figure than I had expected. However, the IC3 report also claims, “this number does not include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by a victim.” Besides, the number does not take into account victims who reported directly to FBI field offices and agents and, unsurprisingly, cannot consider the cases where victims decide to avoid reporting an attack to law enforcement.

January’s Department of Justice Netwalker indictment adds some additional perspective to the $29.1 million loss figure. A single Canadian Netwalker affiliate made over $27.6 million starting as early as April of 2020. To put that number into context—in less than a year, a person made nearly as much as all the losses due to cybercrime in the IC3 report combined.

Cybercriminals can use various techniques to infect victims with ransomware, such as email phishing campaigns and software vulnerabilities exploitation. The IC3 report also reserved a section to Remote Desktop Protocol (RDP) vulnerabilities as the means through which ransomware groups tend to gain an initial foothold in a victim’s environment. As we highlighted in our report, Initial Access Brokers: An Excess of Access, RDP access enables an attacker to control a victim’s computer remotely and is thus widely sold on cybercriminal marketplaces and the dark web. According to FBI Special Agent Joel DiCapua, “RDP is still 70 to 90 percent of the initial foothold that ransomware actors use”. Since this access-type is particularly prominent among cybercriminals, we even mapped MITRE ATT&CK to RDP exploits to have a better picture of how they leverage it in malicious operations.

*Graph extracted by our Initial Access Brokers research about popular access types*

Another interesting point raised by the report is when the FBI claims companies should never pay a ransom to the criminal actors demanding it. According to the report, “paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” On top of that, there’s no guarantee that paying the requested sum to the attacker will guarantee the desired result of having the files back.

The discussion about this aspect could go on forever and it would involve topics such as private-public partnerships and cyber insurance firms for sure. However, for the sake of this blog, it’s important to highlight that the report contains the process to follow to contact the FBI in the case of a successful ransomware attack. So go check that out if you’re interested in it (even keep it handy does not harm anyone).

Looking Forward to Cybercrime in 2021

The FBI IC3 report provides every year an exciting ensemble of cybercrime data and metrics that are useful to track the evolution of this phenomenon over time. This year’s report was fascinating because it highlighted the impact of the COVID-19 pandemic on the threat landscape. It reminded us once again of the importance of protecting the most vulnerable layers of our society in the security community’s commitment to make the internet a safer place.
Given the significant shift in the cyber threat landscape, due primarily to COVID-19, Digital Shadows (now ReliaQuest) will continue monitoring the development in threat actor activity and related techniques attempting to exploit “the new normal.” In the meantime, we continuously update a page of COVID-19 Threat Intelligence resources to help you navigate cyber threats in these challenging times. Additionally, you can sign up for our Threat Intelligence newsletter, which proactively learn of emerging intelligence events and adaptations in cybercriminals’ tradecraft.