With more business being conducted online and remotely due to the coronavirus pandemic, the increased dependence on technology has been a boon for cyber criminals.
FBI Deputy Director Paul Abbate said criminals “took advantage of an opportunity to profit,” from this trend to go on an “internet crime spree.”
Abbate made the comment in the FBI Internet Crime Complaint Center’s recently released 2020 Internet Crime Report. The center indicated it received a record number of complaints from Americans last year (791,790) with reported losses exceeding $4.1 billion. It was an increase of more than 300,000 complaints compared to 2019. Complaints ranged from phishing scams to compromised emails, extortion and ransomware.
Attackers have targeted public and private entities alike — the city of Hartford and EMCOR in Norwalk are among those that have been victimized by ransomware attacks.
In the past year, with more businesses conducting operations online, demand for cybersecurity services has increased and it’s been a boon to accounting firms, which for years have joined IT companies in offering these services.
Accounting industry experts say it will be a growth area moving forward.
Scammers try a variety of schemes, such as ransomware, malware and phishing. They’ll send emails in an attempt to get an employee to click on a malicious link. Through phishing, a scammer typically impersonates a trusted individual, such as in an email, with a goal of getting key private information like passwords or credit card information, or to get the victim to wire money.
Mark Torello, partner in charge of Whittlesey Technology, a public accounting, technology and cybersecurity firm, which has offices in Hartford and Hamden, said the level of cyber incidents since the pandemic started has “gone through the roof.”
With so many people working remotely, the risk exposure has doubled, or more, and “incidents and breaches have followed suit,” he said.
If employees use home computers, they don’t have the same level of firewall protection as workplace computers, he noted. Home computers may be more likely to be infected with viruses and spyware. And with distractions at home, an employee may be more likely to click on a suspicious email, Torello said.
Whittlesey is primarily seeing business email compromises and phishing attacks. Perpetrators typically go to a company’s website, where they can often find information such as employee email addresses and key officials to target. They often pose as a high-ranking person seeking to get a staff member to wire money, he said.
In one case they investigated, a victim wired $50,000, mistakenly believing it was going to a vendor, Torello said.
Size doesn’t matter
Frederick Johnson, vice president of cybersecurity and digital forensics for Marcum Technology, which has an office in New Haven, said his company is also seeing a rise in the number of attacks with the shift to remote work.
“We have seen a very big upswing in demand for cybersecurity services,” said Johnson.
Companies want to know if activities can be done from home securely on home networks, and how they can make sure clients’ data is protected, Johnson said.
Many companies, particularly smaller ones, might question why they need to focus on cybersecurity, wondering why anyone would target them. But Johnson stressed that no one is immune from an attack.
“If you have systems with important data you can’t survive without, they like to use ransomware to attack you to get money from you — they do that to all different size companies,” Johnson said.
Smaller companies may also be targeted by scammers who are still learning their craft, according to Johnson.
“[For hackers and scammers] it’s best to train on a smaller company with minimal defenses and lower likelihood of detecting an attempted attack,” Johnson said. “Hackers get better at it and then move on to the larger targets where they can more directly benefit.”
David Nowacki, who serves as director of cybersecurity with CliftonLarsonAllen (CLA) in West Hartford, regularly works with a range of clients, such as government entities, higher education, financial services, manufacturers and private businesses on cybersecurity issues.
Demand for services has increased with so many businesses shifting to remote work, he said.
“Now every person who is working from home could potentially click on or download something,” Nowacki said.
Nowacki was brought in to blumshapiro, which recently merged with CLA, back in 2015 to help formalize the company’s cybersecurity practice. He said the number of ransomware, business email compromises and targeted phishing threats had been increasing for years, even before the pandemic upswing. Criminals have found certain tactics easier, such as holding an organization ransom and asking for a bitcoin payment, as opposed to stealing and then trying to sell credit card numbers.
Brian Mulligan, vice president of commercial sales with Glastonbury cybersecurity firm Kelser Corp., said his company is seeing an increase in threats and complaints too.
“Our world was turned upside down, and scammers trying to get data are certainly on the rise,” Mulligan said. “We have seen organizations’ data being held ransom, and I don’t see that threat going down anytime soon.”