Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    FBI Reports $1.33B in Online Victim Losses; BEC Tops List of Attacks

    By
    Sean Michael Kerner
    -
    June 26, 2017
    Share
    Facebook
    Twitter
    Linkedin
      New Wave WannaCry

      The FBI’s Internet Crime Complaint Center (IC3) has issued its 28-page 2016 Internet Crime Report, detailing $1.33 billion in victim losses from a total of 298,728 complaints during the year.

      Multiple forms of online attacks, including business email compromise (BEC), tech support fraud and various payment scams, were reported to the IC3 in 2016. Surprisingly ransomware, which has been cited as a growing trend in multiple security vendor reports, was not found to be a major factor in the IC3’s 2016 report.

      The top source of fraud by financial loss that was reported to the IC3 in 2016 was BEC. Also known as email account compromise (EAC), BEC is a type of scam where an attacker uses phishing email to trick a company into paying fraudulent invoices and accounts payable requests. Over the course of 2016, the IC3 received 12,005 BEC/EAC complaints, resulting in losses of more than $360 million.

      Earlier this year, the IC3 reported that from October 2013 until June 2016, BEC-related fraud losses were estimated at $5.3 billion. One of the largest single cases of BEC fraud was reported in March, with the U.S. Department of Justice (DOJ) charging a single individual in connection with a BEC scam that resulted in the theft of more than $100 million from a pair of U.S. corporations.

      Ransomware

      In contrast to the high volume of BEC incidents and losses, ransomware was not as widely reported or impactful in the IC3 report. The IC3 received just 2,673 ransomware complaints that resulted in victims losing approximately $2.4 million. 

      The FBI’s data on ransomware stands in stark contrast with other security industry reports that have shown a broader impact. The 2017 Verizon Data Breach Investigations Report (DBIR) reported a 50 percent rise in ransomware in 2016. And in its first-quarter 2017 malware report, security firm Kaspersky Lab claimed that its technology was used to help block ransomware attacks against 240,799 users.

      Symantec, in its Internet Security Threat Report (ISTR), which was released in April, said it detected 463,841 ransomware attacks in 2016, up from 240,665 in 2015. According to Symantec, the average ransomware payout was $294 in 2015 and grew to $1,077 in 2016. A November 2016 study from security firm SentinelOne reported that 50 percent of organizations have responded to a ransomware campaign.

      More recently, the WannaCry ransomware attack in May impacted at least 200,000 victims across 150 countries, according to Europol. 

      So why is the FBI seeing relatively few reports of ransomware? There are several reasons.

      Even in the case of WannaCry, which was widely reported, the financial impact to whom a ransom was demanded appears to be relatively muted. As of June 20, approximately $136,000 was paid in ransom to the Bitcoin wallets associated with WannaCry. That means that not every victim or organization that was impacted by WannaCry ended up paying a ransom. To be fair, even if a ransom isn’t paid, there is likely a financial impact in terms of IT staff, downtime and recovery costs.

      The simplest response to ransomware for organizations that are prepared is to recover encrypted data from a secured backup. It’s likely that organizations impacted by ransomware but were able to successfully recover did not report every incident to the IC3.

      The other likely factor in play is that not every organization will choose to report an incident to the FBI, whether they are able to recover from it or not. Another possibility is that security vendors are doing such a great job protecting organizations against ransomware that there isn’t a reason to complain to the FBI. Whatever the case, the divergence between security vendor figures for ransomware and the FBI’s statistics will be an interesting metric to track in the months and years to come.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×