The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and in the accompanying 2020 State Reports.
<p><span lang=\"EN-US\">The IC3 report mostly covers technology-driven fraud targeting individuals and organizations with modest in-house Incident Detection and Response (IDR) capacities. Moreover, the report includes only those incidents that were reported directly to the FBI’s IC3 center, not all cybercrimes or serious incidents being handled or investigated by the FBI. </span></p> <p> </p> <p><span lang=\"EN-US\">Many victimized organizations from regulated industries do not report security incidents to the IC3 specifically, let alone stealth incidents like SolarWinds that was undetected for a while and continues bringing new victims almost every day. Total losses from nation-state and other advanced hacking campaigns targeting US companies are probably hundreds of times higher than the adduced numbers, including lost profits and long-lasting losses caused by intellectual property theft, reputational damage and legal costs. </span></p> <p> </p> <p><span lang=\"EN-US\">The most popular incidents mentioned in the report involve human error, spanning from trivial consumer fraud and phishing to more sophisticated BEC hacking and ransomware campaigns. In 2020, attackers were aggressively exploiting pandemic-related topics, targeting desperate and vulnerable population – a trend that will likely persist this year. Unsurprisingly, most of the self-reported victims are over 60 years old – they may lack cybersecurity training and are susceptible to manipulation. </span></p> <p> </p> <p><span lang=\"EN-US\">What would be useful to have in the upcoming reports is the cybercrime clearance rate and factors that facilitate an investigation. Victimized people and future victims should be prepared to retain at least some basic digital evidence for examination and subsequent prosecution of the wrongdoers, otherwise, we will just continue speechlessly observing a cybercrime surge.</span></p>