Archives March 2023

IC3 Annual Report – 2022 Internet Crime Report

Dear Reader,

Today’s cyber landscape has provided ample opportunities for criminals and adversaries to target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security. At the FBI, we know “cyber risk is business risk” and “cyber security is national security.” There is no shortage of recent examples showing the wide-ranging economic and national security effects of cyber crimes. We have seen cyber threats emanate from around the world and witnessed the scope and sophistication of these scams and attacks deepen. As these threats increase, we continue to encourage victims to report cyber incidents and cyber-enabled frauds to the FBI so that we may impose risks and consequences on malicious cyber actors.

Because cyberattacks and cyber-enabled frauds continue to affect our everyday lives, the FBI’s Internet Crime Complaint Center (IC3) is critical to combatting the cyber threat. The IC3 serves as a public resource to submit reports of cyberattacks and incidents, which allows us to collect data, identify trends, and pursue the threat at hand. In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.

While the number of reported ransomware incidents has decreased, we know not everyone who has experienced a ransomware incident has reported to the IC3. As such, we assess ransomware remains a serious threat to the public and to our economy, and the FBI and our partners will remain focused on disrupting ransomware actors and increasing the risks of engaging in this activity. In concert, the public can play a crucial role by taking proactive measures to prevent and prepare for a potential cyber attack and, if there is an incident, by reporting it to the FBI through the IC3. Though cybercriminals are continuously seeking to make their attacks more resilient, more disruptive, and harder to counter, public reporting to the IC3 helps us gain a better understanding of the threats we face daily.

The FBI’s commitment to assisting victims of cyber crimes and cyber-enabled frauds, as well as our dedication to working with partners to combat these crimes, allows for continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2022, RAT initiated the Financial Fraud Kill Chain (FFKC) on 2,838 Business Email Compromise (BEC) complaints involving domestic-to-domestic transactions with potential losses of over $590 million. A monetary hold was placed on approximately $433 million, which represents a 73 percent success rate. In 2022, RAT saw a 64 percent increase in FFKCs initiated compared to 2021.

While the cyber threat is ever-growing, the FBI remains appreciative of those individuals and entities who report cyber incidents to the IC3, as that valuable information helps fill in gaps that are crucial to advancing our investigations. Your efforts are critical to our ability to pursue the perpetrators and share intelligence to protect your fellow citizens. Cyber is the ultimate team sport, and we are in this fight together. The FBI is relentlessly focused on promoting safety, security, and confidence into our digitally connected world, and we are eager to continue working with the American public to bring cybercriminals to justice around the globe.

Timothy Langan
Executive Assistant Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Backup, Backup, Backup!

Article (PSA-0022)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Backup, Backup, Backup!
Original release date: March 10, 2023

Reliable backups are the backbone of your IT “Disaster Recovery Plan” and “Business Continuity Plan”. Catastrophe can hit any business, no-matter how small or big you are, and catastrophe can come in many forms such as: fire, hardware failure or “ransomware”. The more data lost, the greater the impact on your business. Part of getting your business back up and running after a disaster, is being able to restore operations to where they were before the problem occurred. Businesses who have learned the value of backups employ the 3-2-1-0 backup rule. Lets take a quick look at each one of these rules.

Rule 3: Maintain at least three copies of your data and applications. That’s the one copy you’re using and two backups. This way, if one of your backups is unavailable for any reason, you can still recover what you need in a reasonable amount of time.

Rule 2: Store your backups on at least two different types of media. One reason for this is each type of media has its own vulnerabilities, and you don’t want both of your backups susceptible to the same problem. By utilizing different media, you can reduce your exposure to the same incident preventing access to both of your backups.

Rule 1: Keep one of the backups in a different location. Consider a catastrophe at your business, such as a break-in, fire or natural disaster. If all of your backups are at the same location, they will all be affected. This can result in total data loss for your business.

Rule 0: Verify your recovery plan has zero errors. It is not uncommon for businesses to implement a backup plan but fail to verify it is performing as expected. Regular testing is critical to ensuring you can recover your business data and applications in the event of a disaster.

It doesn’t matter if you are a business or home computer user, if you have anything on your computer that matters to you, it is your responsibility to make sure you have a backup plan in place. In my 20+ years of experience in the IT industry I have seen brand new hard drives fail within 90 days of purchase. I have seen years of family pictures vanish by accidental deletion and I have seen “un-tested” backups fail to restore important business files – files which everybody “thought” were being backed up.

If you are unsure of your backup status, give PSA Computer Services a call at (707) 506-6802.

Additional information on backups:
High availability – following the backup rule
The Importance of Effective Data Backup