Cybercriminals made $7bn in pure profit in 2021, says FBI
Another year, another batch of record-setting cybercrime losses
The FBI's latest yearly cybercrime report is bad news for those of us trying to stay safe: The criminals continue to have a leg up, leading to record financial losses.
The FBI's Internet Crime Complaint Center (IC3) released its annual report compiled from 847,376 complaints it received in 2021. It said businesses lost in excess of $6.9bn from the attacks.
Those nearly one million complaints in 2021 were a 7 percent increase from 2020, in which 791,790 complaints were filed. Go back a year further and that number was just 467,361, meaning there was a big jump in 2020 that shows no signs of slowing to pre-pandemic numbers.
The report credits the jump, and persistent increase in 2021, to the COVID-19 pandemic and the shift to remote work and school, which has in turn paved the way for new attack vectors.
Vectors opened during the COVID-19 pandemic don't necessarily affect the types of crimes, or the proportion in which they're committed. Phishing and related crimes (like vishing and smishing) have held a solid control as the most popular attack method since 2019, when they leapt past non-payment/non-delivery (NP/ND) scams. Following phishing in 2021 (in descending order) were NP/ND, personal data breaches, identity theft and extortion.
The IC3 report breaks the most popular scams down into five areas, sorted here not by the most frequent, but by total estimated losses.
Business email compromise
There were 19,954 BEC complaints to the IC3 in 2021 that accounted for approximately $2.4bn in losses. There is a bright spot here in the form of the IC3 Recovery Asset Team.
The IC3 RAT is a group with streamlined access to financial institutions that is designed to freeze funds as soon as a compromise is reported. To date, the RAT has recovered $328.32m and said it was successful in 74 percent of the cases it was involved in.
Criminal use of cryptocurrency has reportedly been declining in proportion to its legitimate user base, but it still accounts for massive amounts of illicit funds being moved, to the tune of $1.6bn in 2021.
That's a seven-fold increase in the amount of cryptocurrency stolen in 2021 versus 2020, despite a decrease in the number of complaints year-over-year.
Confidence and romance scams
While it's the second highest in terms of number of attacks, confidence and romance tricksters only made it to third place in total earnings, with $956m stolen as a result of extortion.
The FBI said that cryptocurrency scams have become a popular endgame for romance and confidence tricksters, with $429m of total crypto losses in 2021 attributable to their cons.
Tech support scams
The greatest in number, with 29,903 reports in 2021, were tech support scams, which famously target older, less tech-savvy people. In 2021 cybercriminals earned $347m from such activities, a 137 percent increase from 2020.
Unsurprisingly, the FBI said that nearly 60 percent of tech support victims are over 60 years of age, and account for 68 percent of the total losses in this category.
IC3 took time to point out which critical infrastructure sectors were most hit in 2021, with healthcare far and away reporting the most attacks. Financial services followed, then IT, critical manufacturing and government facilities. ®