FBI reports cost of cybercrime doubled to $2.7B in 2018

The cost of cybercrimes reported to the FBI nearly doubled last year to $2.7 billion, according to a new report from the bureau’s Internet Crime Complaint Center (IC3).

In its annual Internet Crime Report, the FBI reports the IC3 received 351,936 complaints in 2018 – an average of more than 900 every day. But reports have increased gradually, climbing 17% from 2017. The cost of the crimes shot up 93%, from $1.4 billion in 2017.

The IC3 reports most of the complaints were about “non-payment/non-delivery scams, extortion, and personal data breaches,” with the greatest financial losses caused by investment scams, business email compromise, and romance or confidence fraud. Donna Gregory, Unit Chief at IC3, points out that the data reveals “a victim can be anyone who uses a connected device,” but the highest concentration of victims belonged to the over-50 set.

A bit of good news in the report is the mention of the newly formed Recovery Asset Team, a branch of the IC3 assembled in February 2018. The team has had great success particularly in the recovery of funds lost to business email compromises that led to fraudulent wire transfers or gift card purchases. Since the team’s inception, it’s been able to recover over $192M in stolen funds — 75% of the money lost to 2018 cybercrimes.

The FBI notes in the report that “The most important prevention tips include keeping hardware and software updated and protected by antivirus programs and strong passwords.”

Sponsorships Available

Sponsorships Available

Sponsorships Available

Millennial workers admit to security risks

Millennial workers are three times more likely than baby boomers to download sensitive company info and share company credit card or password info over chat apps, according to a new report on office workers and cybersecurity.

The report, published this week by cloud-based collaboration platform Symphony Communication Services, shared results of a recent survey that polled 1,569 office workers – half of them in the UK, half in the US. The survey measured the growth of collaboration platforms (Symphony, Slack, Skype, etc.) in the workplace as well as employees’ general attitudes towards them. The data revealed an unexpected insight: a shockingly casual attitude toward company security.

Among the eye-opening facts:

• Twenty-seven percent of employees admit they do not know their employers’ IT guidelines
• One in four admit to using their personal email to conduct business
• One in three admit to using their personal devices for work

The report shows millennial workers are the age group least worried about company security. Compared with baby boomers, millennials are twice as likely to use a communication app not approved by IT, share confidential information over a chat app, talk badly about their boss over a chat app, and gossip about coworkers.

An Avast expert says this human factor can be the most vulnerable spot in a company’s cybersecurity. “The vast majority of data breaches that take place in businesses start in the weakest link of the chain, the employees,” says Luis Corrons, an Avast security evangelist.  “Cybercriminals are aware of this and take advantage of the weaknesses in place, such as people ignoring security practices or using non-secure devices. Employers have to take this knowledge into the equation in order to secure their systems.”

Former cybercrime hero pleads guilty to malware creation

Marcus Hutchins, the British cybersecurity researcher who helped stop the WannaCry ransomware variant WannaCrypt in 2017, pleaded guilty this week to charges of writing malware.

Hutchins, a malware analyst-at-large who posts online educational materials, studied and accidentally defeated WannaCrypt two years ago, earning praise as a hero for putting an end to the global menace.

Months later, he was arrested in Las Vegas for creating malware with intent to sell. The charge was that Hutchins created the Kronos banking Trojan – malware built to steal login info and other data from bank networks and configured to target banking systems in a variety of countries, including Canada, the UK, France, and Germany – with the knowledge that an accomplice would sell it online. Hutchins was apprehended just as he had concluded a couple of cybersecurity conferences. He was ultimately indicted on six counts.

The case moved forward this week when Hutchins pleaded guilty to two of the charges. In a public statement, he wrote:

As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.

In exchange for Hutchins’ guilty plea, the US government will be dismissing the remaining counts. The cybersecurity expert faces up to five years in prison and $250,000 in fines per charge.

228K Danish passports have data errors

A quarter-million Danish passports may not know their right hand from their left. The passports contain microchips that hold the owners’ biometric data. The Copenhagen Post reports that passports issued between 2014 and 2017 suffered an encoding error that swapped the right-hand and left-hand fingerprint data for 228,000 citizens. Kube Data is the company responsible for encoding the information, and its CEO Jonathan Jorgensen downplays any idea of chaos due to the errors, claiming that only the state police have access to the encryption key which reveals the faulty info. “Many affected citizens have probably travelled with their passports without any problems,” Jorgensen added. Danish authorities are currently in discussion regarding next steps and whether or not those 228,000 citizens will require re-issued passports.

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

 Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com.