In yesterday’s blog, I wrote about the importance of having a separate entity that would deal with all of the Cybersecurity issues at a national level.  It is my firm belief that the need is there, and the justification for having a so-called Department of Cybersecurity is plainly clear. 

There are just too many things happening in the Cyber Threat Landscape for all of the entities in the US Federal Government to speak to one another in a quick and efficient manner.

By having this entity, all communications and issues can be addressed and dealt with from one single point, thus streamlining the process to even greater extents.  But another reason why a Department of Cybersecurity is needed is that our current law enforcement is stretched to its breaking points. 

For example, the Secret Service is already overburdened with protecting Presidential Administration, and the FBI pretty much (as far as I know) has all of its agents working on other high-profile crimes.

In fact, this was also a point that was brought up in the podcast about the CCPA.  I asked the attorney (who was the guest) how enforcement of this law is currently taking place.  He simply stated that the California AGs (Attorney General’s) office is just too swamped to be enacting this law on a proactive basis. 

Instead, they are taking a pure reactive approach; meaning, if something bad does happen, and only if it is reported under the clauses provided by the CCPA, will any action be taken.

My jaw just dropped in sheer shock when he said this.  I mean, how can you have a law that was passed, which is so important to the residents of California, and not even have the ability to enforce it???  I am still trying to wrap my head around this one.  I simply cannot believe it.

But to put more detail in just how overtaxed our current law enforcement is when it comes to fighting Cybersecurity, the FBIs Internet Crime Complaint Center, also known as the IC3, just released its findings in a report that just came out.  It is entitled the “2019 Internet Crime Report”, and it can be downloaded from this link:

https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120

This particular center was established in 2000, and has been in operations since then, fielding all sorts of Cybercrime and digital security breach complaints.  But 2019 was the year in which this office of the FBI actually saw the highest number of cases filed:  a staggering 467,361 cases were filed, which breaks down to about almost 1,300 on a daily basis.  All I can say is WOW.  That certainly is overwhelming. 

But keep in mind that it is not just the complaints that were being filed.  It is also the highest year in which the IC3 also reported the highest dollar volume of financial losses as a result of these Cyberattacks from happening.  So, how much was the damage you might be asking???  A jaw breaking $3.5 Billion.  This number includes losses to both businesses and individuals alike here in the United States.

The illustration below depicts on a state by state basis where all of the complaints have been filed:

(SOURCE:  https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120)

The IC3 also noted that the actual number of new threat variants have not really emerged; but rather, the same ones are being used, but instead, the Cyberattacker is simply getting that much more sophisticated and cleverer in how they deploy these vectors.  The most common forms of Cyberattacks included the following:

*Phishing (especially that of Business Email Compromise, where fake invoices are being sent);

*Extortion and espionage;

*Romance fraud (which can happen at any time, but the peak for this is right around Valentine’s Day);

*Spoofed websites.

But there is a new trend here which needs to be noted.  And that is, rather than delivering the malicious payload directly by Email, the Cyberattacker of today is now using text messages to deploy them.  So, the text message may contain a link to a spoofed website, with a sense of urgency attached to it in order to get you to respond to it. 

But keep in mind, any reputable organization will never ask you to submit your Personal Identifiable Information (PII) over a text message, and nor will they even initiate this kind of dialogue with their customers.

This tactic is actually called “Smishing” and is getting more sophisticated day by day.  For example, the Cyberattacker could heist your contact list from your iPhone or Android device and send a Smishing text with a legitimate phone number, thus making it look like a genuine and authentic text message from one of your acquaintances.

With regards to Business Email Compromise (BEC), there was a total of 23,775 complaints filed, with the end result being more than $1.7 billion in losses.  In this regard, the trend has been to hit upon the payroll and/or accounting department of a business, where they receive an Email from claiming to be from an employee wanting to update their direct deposit information.

But this was never sent by the employee, it was sent actually by the Cyberattacker, and the updated bank information is nothing but a phony and fraudulent offshore bank account that probably exists somewhere in China. 

My Thoughts On This

Despite these staggering numbers, the good news is that the IC3 so far has done a great job when it comes to recovering the stolen financial assets of either the individual or business.  For example, it was able to recover more than $300 Million just in 2019 alone. 

That is a huge rate of recovery.  Also, through the IC3, the FBI has been very successful in terms of streamlining the flow of communications and forming relationships with the private sector.

In this regard, the IC3 has partnered with Money Mule Team, in order to raise the awareness level if you are involved with the transfer of illicit funds.  In this scenario, once the unsuspecting victim has developed a trusting relationship with their so-called online partner, they are often asked to open a bank account in which to transfer some amount of money for a good cause. 

But this good cause is, unfortunately, that phony, offshore bank account just described.  And the money is actually laundered gains, harnessed from illegal sources.  Since you are intermediary in this process, you become known as the proverbial “Money Mule”, thus the name given to the task force.

More information about being a money mule can be seen here at this link:

https://www.fbi.gov/news/stories/fbi-joins-international-campaign-to-stop-money-mules-121718

If you take a detailed look at the illustration earlier in this blog, you will notice that the state of California has filed the highest number of complaints with the IC3, followed by Texas, New York, and Florida.  I find this to be rather ironic, given the recent passage of the CCPA.

Anyways, I think it is great that the FBI is taking such a proactive approach in fighting off Cyberattacks, and even recovering a portion of that money which was stolen.  But the numbers described only underscore the need for even more law enforcement to work in close conjunction with both the FBI and the Secret Service. 

This is, once again, where the role of the hypothetical Department of Cybersecurity would come into play.

With another resource added and more funding, more agents and specialists can be hired so that the proactivity which has been fostered by the FBI can be escalated to even greater levels.