Simplifying the 2023 FBI IC3 Report: BEC Losses Surging to Nearly $3 Billion

In 2023, the FBI IC3 released its latest Internet Crime Report, analyzing cybercrime trends and detailing losses and victims. The report highlighted that business email compromise (BEC) continues as a significant threat, with reported losses nearing $3 billion. This marks a 7% increase over 2022, totaling $14.3 billion since BEC was first included in 2015. Initially at $264 million, BEC losses have surged over 1000%. Here are key insights to the report:

BEC, Still a Billion-Dollar Problem

Threat actors meticulously choose BEC targets based on financial access or susceptibility, using social engineering tactics to manipulate trust. In 2023, the Internet Crime Complaint Center reported 21,489 BEC complaints, with losses exceeding $2.9 billion. Each successful BEC attack now costs businesses an average of $137,132, up from $125,612 last year.

The FBI notes an evolution in tactics, with threat actors using custodial accounts for cryptocurrency exchanges or third-party payment processors.

Rise in Cryptocurrency-Related Investment Scams

In 2023, investment scams caused reported losses of $4.57 billion, topping crimes tracked by the IC3. Within this category, cryptocurrency-related investment fraud soared by 53%, from $2.57 billion in 2022 to $3.94 billion in 2023. These scams, often starting with romance or confidence schemes, target consumers, not businesses.

Ransomware Persists as a Threat

In 2023, the IC3 logged 2,825 ransomware attack complaints, resulting in losses exceeding $59.6 million. Notably, nearly 1,200 complaints were from critical infrastructure sector organizations hit by ransomware. While ransomware attacks can occur through various channels, email remains a preferred method for cybercriminals. These attacks often involve malicious links or files, posing significant threats to individuals and businesses.

It’s crucial to note that many ransomware infections go unreported, making it challenging to determine the true number of victims. For instance, when the FBI infiltrated the Hive ransomware group’s infrastructure, they found only about 20% of victims reported to law enforcement.

Analyzing the 2023 Cybercrime Data

The 2023 Internet Crime Report highlights ongoing challenges for organizations in defending against advanced threats.  Criminals increasingly rely on social engineering tactics, pretending to be executives, vendors, or even romantic partners to gain trust.  These socially-engineered attacks continue to rise yearly, exploiting human behavior as the weakest link in security.

The proliferation of generative AI over the past year has facilitated targeting humans rather than technology. Interestingly, the 2023 IC3 report doesn’t mention “artificial intelligence” or “AI,” likely to change in future reports. Criminals will exploit malicious AI tools like WormGPT and FraudGPT to bypass security solutions and manipulate targets effectively.

Protecting Your Organization from Becoming an IC3 Statistic

Understanding these numbers is crucial, but how can we act on them to safeguard our organizations, employees, and families?

Identifying the most successful threats guides us in allocating resources effectively to counter them.  You can do this with cybersecurity awareness training.  This remains essential, but it must be complemented with technology-driven detection to intercept attacks proactively.  The slowed growth of BEC losses suggests the effectiveness of this combined approach.

While cybercriminals innovate to evade security measures, the adoption of advanced technology has restrained BEC losses.  As organizations embrace AI-powered security tools, cybercriminals shift focus to other avenues of attack.  Collaboration with vendors and partners committed to combatting evolving threats is essential for security leaders.

Without a significant shift in detection methods, these numbers will likely continue to rise.  Intech Hawaii can be your partner in detecting and preventing you from being an IC3 statistic.  Contact us to learn more.