Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
Threat Advisories
The latest threat research report from ReliaQuest Threat Research research team.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
On March 17th, the Federal Bureau of Investigation (FBI) published its 2020 Internet Crimes Complaint Center (IC3) report. This report can be found here and provides a glimpse into the types of cybercrime reported to the FBI and the prominent trends observed by this law enforcement agency. Having an annual threshold to compare the size and impact of cybercrime across the years is a handy tool to monitor how the threat landscape evolves. And the stats for 2020 are merciless.
In 2020, IC3 received 791,790 complaints from the American public, resulting in a total of reported losses exceeding $4.1 billion. That’s 69% more than the previous year. Interestingly enough, Business E-mail Compromise (BEC) schemes accounted for almost half of the annual reported losses ($1.8 billion), followed by phishing scams and ransomware incidents. The COVID-19 pandemic also impacted the threat landscape, with unemployment and tax frauds reigning undisputed. Let’s now dive into the report and see how these threats are shaping the cybersphere.
To the surprise of absolutely no one, the COVID-19 pandemic was the main protagonist of last year. Throughout 2020, the IC3 received over 28,500 complaints related to COVID-19; primarily complaints associated with fraudsters targeting the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), a plan envisioned to support small businesses during the pandemic. Here at Digital Shadows (now ReliaQuest), we discussed some of the main tactics used in unemployment and tax relief fraudulent schemes in our recent posting Targets And Predictions For The COVID-19 Threat Landscape.
According to the IC3 report, one of the most prevalent schemes seen during the pandemic has been government impersonators reaching out to individuals through social media, emails, or phone calls. With many individuals spending more time online and becoming easily excited about COVID-19 updates and resources, click-through rates on malicious links undoubtedly soared. This factor enabled threat actors to extract valuable personal identifiable information (PII) and financial information from these phishing campaigns. Unsurprisingly, scammers also leveraged the vaccine rollout processes to lure victims into opening malicious links. However, we’ve stopped being surprised when it comes to fraudsters exploiting important events for nefarious purposes.
In the words of Digital Shadows (now ReliaQuest)’ CISO Rick Holland, “BEC just doesn’t get the attention it deserves.” In 2020, the IC3 handled almost 20,000 Business Email Compromise (BEC) complaints with a whopping estimate of over $1.8 billion in losses. The IC3 report claims that BEC schemes have significantly evolved over the past years, and they are now more sophisticated and targeted than ever before. According to Interpol, criminals use BEC scams to leverage social engineering tactics to gain sensitive information about corporate payment systems and then deceive company employees into transferring money into their bank accounts. An example of this trend is using stolen IDs to set up fraudulent bank accounts. Threat actors then use the bank accounts and transfer stolen money to their cryptocurrency wallets.
One particularly vicious technique highlighted by the IC3 reports concerns Tech Support Frauds. According to the FBI, “this scheme involves a criminal claiming to provide customer, security, or technical support or service to defraud unwitting individuals.” Criminals impersonate representatives from various well-respected institutions and convince their victims to make wire transfers to overseas accounts. This kind of fraud is a growing problem worldwide, with victims in 60 countries reporting these schemes to the FBI and estimates highlighting a 171% increase in losses from 2019.
One of the most pernicious aspects of this fraud is that most victims— two-thirds of them, to be precise—are reported to be over 60 years of age and experienced approximately 84% of the losses (over $166 million). That number is too significant to be left unaddressed. Digital security should be a priority for our society as we move towards an ever interconnected way of life. Empowering the elderly to prevent themselves from falling victim to frauds and cybercrime will be central in the coming years. Consequently, the Department of Justice and the FBI partnered to create the “Elder Justice Initiative” to grant everybody this right.
It should come as no surprise that one of the main threats observed by the IC3 in 2020 was ransomware. Our reporting about the evolution of ransomware in 2020 highlighted the severe danger caused by these operations, and the FBI just confirmed that.
In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million.
When I saw this number, I was surprised as it looked significantly lower than the figure than I had expected. However, the IC3 report also claims, “this number does not include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by a victim.” Besides, the number does not take into account victims who reported directly to FBI field offices and agents and, unsurprisingly, cannot consider the cases where victims decide to avoid reporting an attack to law enforcement.
January’s Department of Justice Netwalker indictment adds some additional perspective to the $29.1 million loss figure. A single Canadian Netwalker affiliate made over $27.6 million starting as early as April of 2020. To put that number into context—in less than a year, a person made nearly as much as all the losses due to cybercrime in the IC3 report combined.
Cybercriminals can use various techniques to infect victims with ransomware, such as email phishing campaigns and software vulnerabilities exploitation. The IC3 report also reserved a section to Remote Desktop Protocol (RDP) vulnerabilities as the means through which ransomware groups tend to gain an initial foothold in a victim’s environment. As we highlighted in our report, Initial Access Brokers: An Excess of Access, RDP access enables an attacker to control a victim’s computer remotely and is thus widely sold on cybercriminal marketplaces and the dark web. According to FBI Special Agent Joel DiCapua, “RDP is still 70 to 90 percent of the initial foothold that ransomware actors use”. Since this access-type is particularly prominent among cybercriminals, we even mapped MITRE ATT&CK to RDP exploits to have a better picture of how they leverage it in malicious operations.
Another interesting point raised by the report is when the FBI claims companies should never pay a ransom to the criminal actors demanding it. According to the report, “paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” On top of that, there’s no guarantee that paying the requested sum to the attacker will guarantee the desired result of having the files back.
The discussion about this aspect could go on forever and it would involve topics such as private-public partnerships and cyber insurance firms for sure. However, for the sake of this blog, it’s important to highlight that the report contains the process to follow to contact the FBI in the case of a successful ransomware attack. So go check that out if you’re interested in it (even keep it handy does not harm anyone).
The FBI IC3 report provides every year an exciting ensemble of cybercrime data and metrics that are useful to track the evolution of this phenomenon over time. This year’s report was fascinating because it highlighted the impact of the COVID-19 pandemic on the threat landscape. It reminded us once again of the importance of protecting the most vulnerable layers of our society in the security community’s commitment to make the internet a safer place. Given the significant shift in the cyber threat landscape, due primarily to COVID-19, Digital Shadows (now ReliaQuest) will continue monitoring the development in threat actor activity and related techniques attempting to exploit “the new normal.” In the meantime, we continuously update a page of COVID-19 Threat Intelligence resources to help you navigate cyber threats in these challenging times. Additionally, you can sign up for our Threat Intelligence newsletter, which proactively learn of emerging intelligence events and adaptations in cybercriminals’ tradecraft.