- Email compromise, extortion, tech support fraud and payroll diversion contributed to a total of $2.7 billion in consumer and business losses in 2018, according to the Federal Bureau of Investigation's Internet Crime Complaint Center's (IC3) report on internet cybercrimes.
- Last year the IC3 received more than 20,000 complaints pertaining to business email compromise (BEC) and email account compromise (EAC). Bad actors disguise themselves as business leaders with "legitimate" email addresses acquired through social engineering or hacking. The losses added up to $1.2 billion because of the unauthorized transfers of funds, according to the report.
- Fraudulent tech support cost victims almost $39 million last year, a 161% increase year-over-year from 2017, according to IC3. Extortion costs increased 242% year-over-year, with victims losing more than $83 million in 2018.
Taking advantage of whoever is on the other side of a malicious email or support ticket is getting easier for hackers. Hackers' ability to appear as authentic as possible in attacks is maturing.
Infiltrating trusted applications or supply chains is the new calling card for bad actors. Living-off-the-land attacks, which use tools already available on computers, make it easier to avoid detection.
Executing a script or a system tool appears more innocent than a malware campaign, where attribution is more easily traceable. Hijacking software updates is ideal for hackers exploiting zero-day vulnerabilities.
Because hackers' level of sophistication is always maturing, companies have to meet attackers head on. Maintaining a level of skepticism — observing software modifications or details in fraudulent emails — can mitigate further risk.
Cybercrimes in 2018 cost companies an average of about $13 million, but those losses are just the beginning of recovery.
Damaged-beyond-repair enterprise systems could demand an unplanned tech refresh, not to mention the laborious task of rebuilding consumer trust if a breach resulted from the crime.