FBI’s Annual Cybercrime Report Shows Familiar Patterns With Costs Rising to $12.5 Billion

by | Mar 15, 2024

The 2023 FBI Internet Crime Report is out, and it does not provide cybersecurity professionals with any indication that work is about to get easier any time soon. Cybercrime complaints hit records levels on the year, ransomware attacks continue their sharp upward trend in total cost, and scams targeting both individuals and businesses are proving very lucrative for threat actors.

The headline item in the cybercrime report is the record number of complaints, an increase of 10% from 2022 to 880,418 on the year. The other piece of big news is the total cost of ransomware attacks, spiking 74% from the previous year and marking five years now of big jumps with each new report.

Cybercrime diversifies to prey on a broad variety of demographics

The cybercrime market is shaking out to have specific attacks and scams aimed at specific demographics and categories. Obviously, ransomware is aimed at larger businesses that have the ability to pay demands of millions of dollars. Investment scams are heavily targeting the age 30-49 age group, a demographic that has general tech savvy and available income. However, the majority of 2023’s complaints came from people over 60 years of age, who are still being heavily targeted with a combination of government impersonation and tech support scams.

The total reported cost of cybercrime in 2023 was $12.5 billion; this number has tended to see leaps of two to three billion each year since 2019, when it was only at $3.5 billion. This is only the cost determined by incidents logged by the FBI, however. Prior estimates have found that as few as 15% to 20% of victims may actually be going to authorities, and the damage is likely far greater than the official numbers. Businesses still often make ransomware payments quietly without public notice, and individuals will sometimes eat a loss from a scam out of embarrassment or lack of awareness about assistance available from law enforcement.

Crypto investment schemes, business email compromise and ransomware doing the most damage

Ransomware was never really expected to “go away,” but the highs created by the sudden shift to remote work and cloud services during the Covid-19 pandemic were expected to reverse eventually. That did seem to be happening to some degree in 2022, but ransomware appeared to be back on the rebound in 2023. Reported incidents went up 18% to 2,825, and costs soared by 74% to $59.6 million. Again, this is only the official number of reported incidents; other third-party estimates find that at least $1 billion was made in ransomware payments globally in 2023, the first time that particular milestone has been hit.

One trend that the FBI cybercrime report clearly establishes is that critical infrastructure is increasingly a prime target for ransomware gangs, with 14 of the 16 CISA-designated industry sectors reporting incidents in 2023. Attackers also have some clear preferences: health care, manufacturing and government facilities.

One small piece of good news from the cybercrime report is that the two ransomware gangs responsible for nearly a tenth of the total attacks between them, LockBit and ALPHV/BlackCat, now appear to be out of business thanks to the efforts of the FBI and its international partners.

Recent Posts

Attempted Audio Deepfake on LastPass is “The New Normal” for Voice Phishing
Attempted Audio Deepfake on LastPass is “The New Normal” for Voice Phishing

Employee targeted in the voice phishing attack received several different deepfake call attempts and at least one voicemail message, but did not respond as it’s exceedingly rare for anyone to communicate internally via WhatsApp, let alone for the CEO to randomly start peppering an employee with messages after business hours.

How can we help?

12 + 10 =

× How can I help you?