SPRINGFIELD, Ill. (WMBD) — The FBI Springfield Field Office held a round table discussion Wednesday to warn about the dangers of cyber threats and attacks.
Special Agent in Charge David Nanz, Supervisory Special Agent Regina Burris, and Pearl Technology President Dave Johnson joined members of the media to discuss where cyber attacks come from, how Illinoisans become vulnerable, and the systems in place to keep the state and country safe from bad actors.
According to SAC Nanz, there were over 9,000 complaints of cyber attacks registered in 2021, which resulted in over $7 billion in damages.
Illinois ranked as the fifth highest state to report internet crimes. Roughly 18,000 Illinoisans fell victim to cyber attacks in 2021, resulting in roughly $184 million in damages.
Types of cyber attacks include ransomware, business email compromise, and spear phishing. Motivations range from simple financial gain, to equipment hacking, to disrupting or compromising national security.
The largest perpetrators of national cyber attacks against the United States come from China, Russia, and Iran, with an unprecedented amount of attacks coming from China.
A majority of bad actors committing cyber crimes are overseas, but cyber attacks can occur on a personal level as well as a national one.
Ransomware involves a hacker encrypting the data of a user’s computer and essentially holding it hostage until a ransom is paid. In the past, users could restore data from backup files and avoid paying the ransom; currently, however, hackers compound their attack by threatening to release sensitive information online unless paid off by the victim.
“These cyber threats are constantly evolving as technology evolves,” said SSA Burris.
Business email compromise attacks occur when a high-ranking employee in a company is hacked and impersonated. Unlike malware or spam, emails from this hacked account appear to be valid and employees are more likely to fall victim to schemes if it appears their boss is asking them to do so.
Business email compromise was the largest source of money lost in cyber attacks in 2021.
Spear phishing is an attack in which a hacker can scrape data from social media sites or other accounts to effectively impersonate a person in order to gain money or data from others. Not only will the initial target have personal information stolen, but there is a possibility of information and/or money being received from connections as well, because they believe they are talking to the victim rather than an imposter.
Other cyber attacks can simply compromise equipment so that the bad actors can use another person’s computer to commit illegal activities, be it mining for bitcoin or setting up child pornography servers. Any computer, public or private, can be vulnerable, the agents stressed.
Crimes with financial motivation do not always involve theft of credit information or bank log-ins; essentially anything can be sold on the so-called “dark web,” from photos to private emails to health records.
While recent data is not yet available to confirm this trend, agents said they believe the amount of financial-based cyber crimes is going up since the COVID-19 pandemic due to an increased use of work computers on home wifi networks, an increase in children using iPads or Chromebooks for school, and an increased reliance on the internet.
To monitor possible and future cyber threats, the FBI partners with the Infragard private sector alliance. Pearl Technology President Dave Johnson leads the Peoria chapter of Infragard, which involves experts that the FBI trusts to provide insight on the different aspects of infrastructure that could become targets.
Infragard members work as the eyes and ears of the FBI when it comes to active cyber threats, Johnson said. They have access to a secure FBI portal where threats can be tracked and registered to help agents keep track of developments.
“Every system has vulnerabilities. There’s no such thing as a safe system. The only safe computer is one that you’ve hit with a sledgehammer, unplugged, and buried in your backyard,” joked Johnson.
This portal shares intelligence on threats, not private information, with Infragard partners, Burris clarified.
While SAC Nanz confirmed that there are not any clear and present threats to the Central Illinois area at the moment, there are actions that every computer user can take to prevent hacking and other cyber attacks.
- Don’t click on links in emails or message – type the website address directly into the browser.
- Do not respond to emails or messages from people you don’t know.
- Never share personally identifying information (Social Security Number, date of birth, etc.) via email.
- Use unique passwords for all websites and apps.
- Don’t post too much personal information online: wait until you are home to post pictures of a trip, don’t share your mother’s maiden name or other information that could be used in security questions, etc.
- Update security settings and data sharing settings on all devices and accounts.
- Keep devices updated to ensure that all software issues are addressed.
While some companies or organizations have large budgets put towards cyber security, anyone can fall victim to a cyber attack if they are not skeptical of the messages they recieve.
As SAC Nanz put it, “humans are the weak link in cyber security.”
To learn more about cyber security, visit the FBI Cyber Crime Division’s website.