CybersecurityDissect Cyber notifies small businesses targeted by cybercriminals

Dissect Cyber promises an additional layer of security // Source: dissect.com

Cybercriminals are an insidious lot, constantly launching new schemes to steal money from individuals and companies. In the United States, millions of people and small businesses fall victim to internet crimes each year. Most small businesses do not have ready access to timely cybersecurity notifications of possible threats.

Financial loss from cybercrime is a significant and under-reported problem, the FBI’s Internet Crime Complaint Center (IC3) has found. The IC3 2015 Internet Crime Report reveals losses of nearly $1.1 billion across the U.S. from 127,145 internet crime complaints. Yet these staggering losses are just the tip of the iceberg. The IC3 report notes that only 15 percent of fraud victims report internet crimes to law enforcement.

DHS S&T says that to reduce losses from cybercrime, the DHS Science and Technology Directorate (S&T) Cyber Security Division (CSD) funded a new research initiative focused on the best way to alert small businesses to potential threats. The project, Dissect Cyber, is being led by a threat analyst training and alert provider with of same name. CSD is part of S&T’s Homeland Security Advanced Research Projects Agency.

The initiative’s goal is to develop validated strategies to increase the effectiveness of cybersecurity notifications to companies supporting critical infrastructure sectors, including the U.S. government. The research project, part of CSD’s overarching Internet Measurement and Attack Modeling (IMAM) project, provides no-fee, early notifications of possible internet-based scams to help minimize damage and loss to companies registered to do business with the U.S. government and listed on the System for Award Management (SAM) database.

“Through its research project, Dissect Cyber is providing very timely notifications that help small- to mid-sized companies from falling victim to well-targeted and executed internet and email scams,” says IMAM Program Manager Dr. Ann Cox. “In most cases, the Dissect Cyber research provides these notifications to targeted companies before the cybercriminals can launch their schemes. These advance notifications enable companies to take steps to avoid being victimized.”

Dissect Cyber monitors new internet domain registrations for web-domain spoofing that could match criteria for Business Email Compromise (BEC) scams. A BEC is a sophisticated scam that targets businesses working with foreign suppliers or that regularly perform wire transfer payments. The scam compromises a legitimate business e-mail account either by spoofing (sending an email using a forged address) or hacking the account.

These scams are gaining traction at an alarming rate. Since January 2015, losses from BEC scams have increased