New FBI Report Reveals Cyberthreats with New Twists

The recently released FBI Internet Crime Report 2019 alerts the public to current threats. It’s also useful data for MSSPs looking for insights from law enforcement on recent and ongoing criminal activity. Three of the top issues of most interest to MSSPs are tech support fraud, ransomware and phishing. While none of these is new to the threatscape, they’re all picking up in intensity.

The FBI reports that losses from tech support fraud in 2019 topped $54 million, up 40% from a year ago. The agency received 13,633 complaints about this issue from victims in 48 countries.

Tech-Support Scams

Comparitech’s Paul Bischoff

“Tech-support scams are a fast-growing problem according to the Bureau’s report. Microsoft is the most commonly impersonated company in these scams, and given that it leaked a huge customer service database earlier this year, that’s likely to continue,” said Paul Bischoff, lead researcher and privacy advocate with Comparitech.

The Microsoft customer service database leak Bischoff is referencing exposed 250 million Microsoft customer-service and support records over a 14-year period. No password or user authentication was required for anyone to see all of that data from a web browser. The potential for subsequent personalized tech support scams, phishing, spearphishing and whale phishing attacks is almost incalculable.

There’s an increase in the creativity behind such attacks as well. The FBI report cites some of the most recent as criminals posing as customer support for well-known travel industry companies, financial institutions or virtual currency exchanges.

However, there’s no downtick in more traditional tech support threat attacks including “email or bank account, a virus on a computer, or a software license renewal,” according to the report.

Ransomware

Ransomware attacks are increasing, and some say the number of such attacks exceed that which the FBI reported. But the consensus remains strong — ransomware remains a top threat.

“The FBI received 2,047 ransomware complaints accounting for losses of $8.9 million. I don’t know how the FBI adjusts for losses, but that seems like a very conservative estimate,” said Bischoff.

The FBI discourages paying the ransom in such attacks as the success only serves to encourage criminals to attack even more organizations. However, the FBI says in its report that if an organization does elect to pay the ransom it should also report the incident to the FBI and request assistance.

Ransomware attacks are particularly debilitating to organizations without the proper backups and restore plans in place prior to the incident. But even then, criminals are constantly adapting. For example, now ransomware attacks backups too.

Attackers are also targeting third parties for access to bigger organizations. On Feb. 11, NRC Health was hit by a ransomware attack, effectively expanding the threat to health-care institutions via third-party attack vectors. NRC Health collects patient satisfaction survey data that is used to determine doctors pay and Medicare reimbursements for hospitals.

BitSight’s Jake Olcott

“This incident isn’t just a wake-up call for NRC Health to better manage their own cyber risk, but it should sound the alarms for the hospitals and health systems that leverage their tools. Instead of breaking through the walls of hospitals and health systems, criminals now realize that an easier path to disruption is through a trusted vendor,” said Jake Olcott, vice president of BitSight, a security ratings company

“Supply-chain risk management must be a priority for the health care organizations that rely on an ever-growing ecosystem of vendors for day-to-day operations — and that starts with immediately assessing the security of those vendors and continuously monitoring their performance,” Olcott added.

But it’s not just …