FBI Internet Crime Report 2020
Since our last newsletter, the Internet Crime Complaint Center (IC3) branch of the FBI released its 2020 Internet Crime Report, which aggregates and highlights cybercrime data provided by the general public. The full report is freely available to read or download, but in case you had other things you wanted to get done today, here are a few of the highlights:
2020 saw the largest number of submitted cybersecurity complaints to date, with 791,790 reported incidents totaling an estimated $4.2 billion in losses.
Phishing attacks were far and away the biggest complaint submitted, with 241,342 reported in 2020, representing a 110% increase from 2019 (114,702 reported).
California, Florida, Texas, New York, and Illinois were the top 5 most victimized states, with 216,664 reports between them.
Interestingly, while Ohio was 12th in number of reported claims, it was 5th in total losses per state. California was the top victimized state in both total claims and total losses.
Business email compromise was the victim loss leader, with approximately $1.87 billion in victim losses.
These types of reports, including reports from independent research centers that we have discussed before, clearly show one thing: cybercrime is on the rise.
Security News
On that note, there are two common themes that we have seen recently in cybercrime news: ransomware and malicious code.
Ransomware
PC manufacturer Acer was hit with ransomware and the demand of $50M may be the highest ransom demand to date. BleepingComputer reports that the attackers, the REvil gang, may have used the recently publicized Microsoft Exchange server vulnerabilities to gain their initial access. The attackers have published apparently stolen files from the breach, including bank balances, financial spreadsheets, and financial communications.
New ransomware variants, DearCry and BlackKingdom, have been detected targeting the Microsoft Exchange vulnerabilities that we have discussed in our previous newsletters.
Internal systems are still inactive and "under maintenance" following a ransomware attack against IoT producer Sierra Wireless in Canada. While the initial attack occurred on March 20th, Sierra Wireless has refused to share additional information about the attack at this time.
A Spanish union has reported that the labor agency has suffered a ransomware attack affecting the IT systems that manage unemployment benefits. However, Spain's State Public Employment Service director has reported that unemployment benefits have not been impacted and there was no loss of personal data.
Dark Reading reports that the average ransomware payment nearly tripled from 2019 to 2020, for an average payment of $312,000 in 2020.
Malicious Code
Researchers have discovered malicious Chrome extensions that will introduce adware, redirect users to malicious websites, and even steal users’ credentials. Moreover, the researchers from Cato Networks discovered that few of these extensions or the domains that support them are being blocked by security tools and protection systems.
Attackers are trying to mimic the success of the SolarWinds hack by targeting supply chains. A recent example comes from Apple, where hackers developed a malicious open source library for developing macOS apps. The library, TabBarInteraction, also includes malicious code, XcodeSpy, which installs a variant of the EggShell backdoor. As the name “XcodeSpy” implies, this backdoor spies on the developer and can potentially record the victim’s camera, microphone and keyboard activity.
Just as attackers will register fake websites that mimic real domains for phishing attacks, attackers are also creating open source libraries that mimic existing, popular libraries (such as nmap-python instead of the popular python-nmap). The goal of these fake libraries is to trick developers into downloading the malicious library, whether due to a typo in programming or simply due to a lack of research, and unfortunately, these tactics are working. Researchers found more than 700 malicious libraries like these in the RubyGems repository as of April 2020.
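As an added example (not from the report or any of the cited research), the following sketch shows how a team could screen a dependency list for lookalike names such as nmap-python before anything is installed. The allowlist contents, the sample requirements text and all function names are assumptions made for illustration; only python-nmap and nmap-python come from the article.

```python
import re

# Constructed allowlist of vetted package names (assumption, apart from
# python-nmap, which the article names).
KNOWN_GOOD = {"python-nmap", "requests", "python-dateutil", "beautifulsoup4"}
# Constructed sample of a requirements-style file; versions are made up.
SAMPLE = "python-nmap==1.0\nnmap-python>=1.0  # lookalike\nrequets\n"

def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_dependency(name, known_good=KNOWN_GOOD, max_distance=2):
    """Return (verdict, lookalike_of) for one dependency name."""
    cand = normalize(name)
    good = {normalize(g) for g in known_good}
    if cand in good:
        return ("ok", None)
    for g in sorted(good):
        # Same words in a different order: nmap-python vs python-nmap.
        if sorted(cand.split("-")) == sorted(g.split("-")):
            return ("suspicious-reordered", g)
        # A few keystrokes away from a vetted name: requets vs requests.
        if edit_distance(cand, g) <= max_distance:
            return ("suspicious-typo", g)
    return ("unknown", None)

def audit(requirements_text):
    """Check each line of a requirements-style file, ignoring comments and pins."""
    findings = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name = re.split(r"[=<>!~\[; ]", line, maxsplit=1)[0]
            findings[name] = check_dependency(name)
    return findings
```

A verdict of "unknown" only means the name is neither vetted nor close to a vetted name; it still needs the same review as any new dependency.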