And while some businesses and entities may not think they are vulnerable, authorities say it’s probably only a question of time. That means hospitals, energy companies, emergency services, infrastructure sectors, and even regular businesses.
“We are inundated with it,” Johnnie Sharp, special agent in charge of the FBI’s Birmingham field office, said.
“The level of pain that cybercrime has induced on Americans is ever increasing. The FBI is trying to prevent and disrupt this kind of activity. The more we can get our message out there, the less victims we will have.”
It’s a push that is coming directly from the top of the agency.
Director Christopher Wray last month told members of Congress that cybercriminals are not only bent on disrupting national security, but also the nation’s economic security.
Alabama has been no stranger to the effects of cyber crime.
Take last year, when the Colonial Pipeline disruption took place due to a ransomware attack in May 2021. The pipeline, which cuts through Alabama, supplies about 45% of all fuel consumed on the East Coast. The company eventually paid $4.4 million to hackers who broke into its computer systems.
Panic buying as a result of the disruption sent gas prices soaring and quickly depleted service stations in several eastern states for days.
DarkSide, a group based in Russia, was identified by U.S. officials as the criminal hacking group responsible for the ransomware attack on the pipeline. Officials were able to later recover millions in ransom.
Also in 2021, JBS, the world’s largest meat processing company, paid an $11 million ransom to put an end to a major cyber-attack that reportedly shut down its U.S. beef plants.
In June, a multi-state cyberattack shut down Alabama’s online jobs database, but the attack affected as many as 40 other states, including Tennessee, Iowa and Nebraska, and Washington D.C., and in some, prevented residents from filing unemployment claims.
Sharp said attacks are growing more sophisticated and more subtle.
A rise in the number of cases can be traced back to the beginning of the COVID-19 pandemic, when millions of Americans began working from home, and cybersecurity became harder to maintain for many companies.
With better technology also come more attacks. In 2019, for example, most of the cyberthreats could be linked to a particular kind of malware called RYUK.
This year, at least 100 different malware variants are being used, he said.
The actors may be standard criminals, but other threats are coming from state-sponsored actors within Russia, China, Iran and North Korea. China, in particular, is posing a challenge.
“What we see is Chinese intelligence service activity that targets our Fortune 500 companies in order to gain or steal intellectual properties, to give Chinese companies an edge on the world stage,” Sharp said.
Threats may take different forms. Even a traditional “Mom-and-Pop” business, for example, has personnel files, with names, birthdates, Social Security numbers and addresses - all very desirable information that can be used in identity theft.
But there’s also spoofed email, which mimics routine invoices from trusted vendors.
“Say there’s a company that does a lot of business with another company,” Sharp said. “You get a criminal actor who makes the email look like another email from that business, saying that they’ve changed their bank, so you need to send your payment to a new routing number and new account. We see that a lot.”
Complicating the ability to fight this kind of activity is the embarrassing nature of the crime. Sharp said FBI investigators became aware of a business network in the Birmingham area that had been compromised before the company’s own IT department was aware. FBI agents attempted to contact the company, which then thought the agents were part of a scam. This allowed time for the attack to take place.
At the same time, Sharp said, other companies are hesitant to call the FBI for help if they have been breached, for fear of the resulting publicity.
“We let the company divulge what they want to,” Sharp said. “We try to determine who did it, and work in concert with the company and the Department of Homeland Security to mitigate the intrusion.”
Sharp said businesses are better off establishing relationships with the FBI before cyberattacks.
If you believe you have been attacked, you can call the FBI Birmingham Field Office at (205) 326-6166 or FBI Cyber Division CYWATCH at 1-855-292-3937 or email cywatch@ic.fbi.gov.
“It’s becoming impossible to miss,” Sharp said.
© 2022 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.