The US Federal Bureau of Investigation reports that last year the Internet Crime Complaint Center (IC3) received a record number of complaints, with potential losses exceeding $12.5 billion.
Although the figures for 2023 represent a 10 percent increase over 2022 and a 22 percent rise in losses suffered, the FBI fears that even this only represents the tip of a vast unseen iceberg of cybercrime. The report quotes the FBI’s recent infiltration of the Hive ransomware group, which discovered that only 20 percent of victims had reported the incidents to law enforcement authorities.
“As impressive as these figures appear, we know they are conservative,” says FBI Executive Assistant Director, Timothy Langan, adding that the reporting of cybercrime to the authorities is critical for the FBI’s efforts to pursue adversaries and share intelligence with its partners.
Investment fraud losses soar by 38 percent
The report identifies changes that have taken place in the cyber-threat landscape during 2023. Investment fraud was once again the costliest type of crime tracked by IC3, with losses to investment scams rising by a staggering 38 percent from $3.31 billion in 2022 to $4.57 billion last year.
According to the FBI, the second costliest category of cybercrime was business email compromise, with 21,489 complaints amounting to $2.9 billion in reported losses. After a brief downturn in 2022, ransomware incidents also rose, representing an increase of 18 percent over 2022. Reported losses from ransomware attacks rose 74%, from $34.3 million to $59.6 million.
The rise in ransomware losses is partly a direct result of emerging trends in attack methods observed by the FBI throughout 2023. These include not only the increased deployment of new strains of ransomware but also an increased ruthlessness on the part of the attackers. The report highlights “data-destruction tactics” that are increasingly used to ramp up the pressure on victims to pay up. This refers to an increasingly common tactic where ransomware groups release their victims’ most sensitive and critical data onto the Darknet, frequently to be auctioned off to the highest bidder.
The report did, however, sound a more positive note regarding the continued success of IC3’s Recovery Assets Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to enable the freezing of funds for victims. Last year, IC3’s RAT initiated the Financial Fraud Kill Chain (FFKC) on 3,008 incidents, with potential losses of $758.05 million. A monetary hold was placed on $538.39 million, representing a success rate of 71%.
