FBI IC3 2022 Internet Crime Report Identifies Key BEC and Ransomware Trends

FBI released the 2022 Internet Crime Report examining major trends found across complaints investigated by the Internet Crime Complaint Center (IC3).

Context

On March 27, 2023, the Federal Investigation Bureau released the IC3 2022 Internet Crime Report. The report covers major trends found across complaints investigated by the IC3, which the FBI defines as “an intelligence-driven and threat focused national security organization with both intelligence and law enforcement responsibilities.”

Key Takeaways

According to the report key takeaways of interest to the retail, hospitality, and travel communities include:

  • In 2022, The IC3 received 800,944 complaint and logged $10.3 billion in reported losses due to cybercrime incidents.
  • Phishing was by far the most reported “cyber crime type” with 300,497 reported incidents in 2022, followed by personal data breaches, non-payment/non-delivery fraud, extortion, and tech support scams rounding out the top five at much lower levels.
  • The IC3 received nearly 22 thousand complaints related to business email compromise (BEC) and estimates adjusted losses related to BEC to be over $2.7 billion. IC3 noted the marked increase in prevalence of BEC, more sophisticated tactics such as spoofing legitimate business phone numbers to confirm details with victims, and increased targeting of investment accounts in 2022.
  • The IC3 received 2,385 ransomware complaints and recorded losses of $34.3 million. The IC3 noted a significant increase in data leak extortion attempts by threat actors in 2022.
  • Commercial facilities reported a total of 58 ransomware incidents, food and agriculture organizations reported 48, and transportation organizations reported 32 incidents.
  • Lockbit was the most prevalent ransomware reported at 149 instances, BlackCat was the second with 114, and Hive was third with 87 instances.

Community Impact

The key findings in the IC3 report largely corroborate trends observed and reported in the RH-ISAC community:

  • Phishing is by far the most common initial infection vector reported by the community. 
  • BEC remains a central concern for the community and a leading form of fraud in prevalence and severity, including evolving tactics. 
  • Major ransomware strains, including Lockbit, are routinely observed, stopped, and reported by the community. 

More Recent Blog Posts