Fraudulent funds transfer requests top cybercrimes, data shows
Amid all the stories about sophisticated cybercrimes, organized hacking rings, and nefarious ransomware schemes, it turns out the most common crime impacting corporate America is simple fund transfer requests that send money into the accounts of criminals.
New Corvus Insurance data show fraudulent funds transfers (FFT) accounted for more than 36% of all claims in the third quarter of 2022. The transfers, which generate substantial losses for organizations, are defined as attacks in which threat actors normally use email to trick employees or vendors into simply sending funds to wrong accounts.
The rise in fraudulent funds transfers is linked to what Corvus called Business Email Compromise (BEC), which is a fancy way to explain how a malefactor tricks employees into giving up their account credentials and gains access to employee inboxes or records.
BEC represented more than 4 in 10 claims in 2021, rising about 10% to reach 45% of claims in 2022. The schemes can be as simple as a formal and legitimate-looking email claiming an employee’s account has been breached that includes a link to reset the account. The link connects to the culprit’s site that can be tracked and recorded and then used to fraudulently access company accounts.
“It’s important to note that while ransomware dominates the headlines, BEC and FFT remain consistent workhorses of cybercrime,” the Corvus report said.
“While ransomware continues to be a dominant risk, we are seeing tactics change, including the rise of other forms of extortion as well as funds transfer fraud,” said Jason Rebholz, chief information security officer at Corvus Insurance. “The findings from our report serve as a reminder to all security leaders that cybersecurity is fluid and attackers will shift their methods, even revisiting old tactics, so long as they continue to reap financial benefits.”
The dollar losses from the average fraudulent funds transfer nowhere near match the typical ransomware attack, Corvus found. The average claim for a funds transfer incident was $90,000, while ransomware incident claims average $256,000.
“The total cost of claims, all-time, for ransomware is nearly three times that of FFT because claims resulting from FFT incidents do not typically involve costly data restoration, system recovery, business interruption, or breach response efforts that are commonly required following ransomware attacks,” the report said.
Ransomware attacks typically occur when cyber criminals gain access to company-wide data and freeze it or lock it up, bringing business to a halt and promising to restore access only when a huge ransom is paid. In the first half of 2022, the percentage of ransomware claims remained at 34%, but the average ransom paid (a component of the overall claim cost) ticked up 4% to $255,000.
Third-party attacks, FFT, and ransomware were the top risk trends that led to cybercrimes in 2022 compared to 2021, Corvus said. It observed a 66% increase in third-party breaches in 2022, including a 20% increase in the share of third-party ransomware attacks.
It’s expected that ransomware and FFT will remain the top drivers of cyber loss, as Corvus data shows that ransomware and FFT are the two most consistent tactics of choice for threat actors, together representing more than half of all claims.
While there were fewer ransomware claims in the first half of 2022, a larger percentage of claims involved data exfiltration, a tactic used to increase leverage over the victim companies. The threat of stolen data is not limited to the victim's IT system — it can harm an organization's brand reputation and increase liability for exposure of sensitive information, Corvus said. Now occurring on nearly 50% of ransomware claims, a historic high, the rate of data exfiltration (theft) shows that attackers are attempting to generate additional points of leverage to increase the likelihood of a ransom payment.
“Rising instances of data exfiltration show that cybercriminals will respond quickly to thwart security professionals, and identify creative ways to increase leverage in ransom negotiations,” said Rebholz. “Insurers have visibility into these changes, enabling us to take an informed, proactive approach with our brokers, policyholders, and partners.”
The Corvus report said it’s clear that cybercrime is never going to be limited to a single method or style as criminals quickly adapt and successfully change tactics to thwart emerging defenses.
“Broad trends in IT security or law enforcement practices may force threat actors to adapt their strategy, or even fold a few hands, but they're not walking away from the table,” the report said. “Extortion, in various forms, will likely remain a key aspect of cyber risk.”
Doug Bailey is a journalist and freelance writer who lives outside of Boston. He can be reached at [email protected].
© Entire contents copyright 2023 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.