FBI officer gives overview of cyber threats

A Federal Bureau of Investigation Public Affairs Officer gave a Clay Chamber of Commerce group an overview of emerging cyber threats to small businesses.

Amanda Videll spoke to the Bridge-to-Bridge Council on Wednesday, Oct. 12, in Fleming Island.

Videll said cyber threats to organizations can range from activists who want to use networks owned by others to advance their personal or political ideologies to state actors engaging in acts of war.

Videll said the bureau in Jacksonville is most concerned about network intrusions from Russia, China, North Korea and Iran.

“It’s estimated in the billions of dollars in the past few years alone that these four countries have cost entities,” she said. “As far as cyber goes, they do it for various reasons: financial gain, certainly theft of information…China is accessing some of our research labs…and influencing citizens. We’ve talked a lot about this on the election side recently.”


Videll also noted threats to infrastructure, like the DarkSide ransomware attack on the Colonial Pipeline in May 2021, which resulted in the company shutting down gasoline and jet fuel deliveries to the eastern U.S. for six days.

Ransomware

The public affairs officer delved further into ransomware, which, according to a fact sheet Videll handed out, is a type of malicious software that encrypts data on a victim’s computer, making it unusable.

A malicious cybercriminal holds the data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Cybercriminals may also pressure victims to pay the ransom by threatening to destroy the victim’s data or to release it to the public.

Videll said that the bureau believes cybercriminals are increasingly targeting medium and smaller-sized businesses with ransomware attacks.

Videll said criminals most commonly infect victims’ computers with ransomware by persuading someone in the victims’ organizations to click a link within an email.

“Don’t download files,” she said. “Don’t click the link. It really comes down to that.”

Videll added that business owners should make sure their systems are updated and that they perform regular backups of their data.

“If you do not have an emergency response plan or a continuity plan, please consider putting one together for your organization,” she told the group.

She also said some victims kept their backups connected to their primary data, making the backups accessible to ransomware.

“You’ve got to disconnect that backup from the system for that backup to remain safe,” she said.

Email compromise

Videll said email compromise is another scam used against victims in the legal, financial and mortgage industries.

She said criminals will find potential victims with access to money through social media like LinkedIn. The scammers will then send the potential victim an email carrying malware designed to monitor their email. If the potential victim clicks a link in the scammer’s email, the criminal can then read all incoming and outgoing emails from the victim.

“They watch for wire transfer instructions to be sent from one entity to another,” Videll said. “Then, when that comes through, they will send a secondary email with new wiring instructions.”

She added that the scammer’s secondary email, which follows the legitimate first email, will contain instructions to send the money to a different account.

“They often say that it needs to be done now because there’s no time to wait,” she said. “You have to jump on this immediately. We see this happen on Friday afternoons at four o’clock all the time.”

Videll added that the bureau has recovered some funds from email compromise through its Recovery Asset Team and partnerships with financial institutions. She added that victims must notify law enforcement immediately after discovering the crime to recover funds stolen through email compromise.

Skimming

Videll also addressed skimming: the practice of installing surveillance devices on gas pumps to capture customer credit card information and then using that information to steal.

The devices are often a card reader installed on the pump and a camera placed to capture PINs and zip codes typed into the pump’s keypad.

She said the practice is more common in south Florida but also occurs in the Jacksonville area.

Videll said the best way to avoid being victimized is to follow the instructions on the pump and use one hand to shield the other while punching the PIN or zip code into the keypad.

“It can’t work if the camera can’t see your hand typing in the PIN,” she said. “It seems silly, but do it, seriously.”
