Full Report
Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.
Analysis Summary
# Main Topic
Record-breaking financial losses incurred by US residents and businesses due to cybercrime in 2024, coupled with Google's reversal on its plan to deprecate third-party tracking cookies in Chrome.
## Key Points
- US entities lost a record **$16.6 billion** to online crimes in 2024, marking a 33% increase from 2023.
- There were **859,532** total complaints filed with the FBI's Internet Crime Complaint Center (IC3).
- Investment scams represented over **$6 billion** of the total losses.
- Business Email Compromise (BEC) scams resulted in **$2.7 billion** in losses.
- Google has reversed its decision to phase out third-party cookies in Chrome, maintaining its current tracking approach despite initial pledges and industry criticism.
- Google cites "divergent perspectives" from the ecosystem (publishers, developers, regulators) as justification for keeping trackers operational.
## Threat Actors
- General cybercriminals and organized scam operations, including industrial-scale compounds in Southeast Asia, often linked to Chinese criminals.
- Threat actors specializing in investment scams (often termed "pig-butchering").
- Actors leveraging Phishing and Extortion techniques.
## TTPs
- **Phishing and Spoofing:** Accounted for 193,000 complaints.
- **Extortion:** Accounted for 86,000 complaints.
- **Investment Scams:** Heavy use of cryptocurrency-related scams.
- **Business Email Compromise (BEC):** A significant contributor to financial losses.
- **Phishing via Encrypted Email Rollouts:** Potential for scammers to exploit new secure email invitation protocols (specifically mentioned in the context of Google Workspace E2EE invitations).
## Affected Systems
- US Businesses and Individuals (victims of financially motivated cybercrime).
- Google Chrome browser users (affected by the continuation of third-party tracking).
- Google Workspace accounts (indirectly affected by potential new phishing vectors introduced with end-to-end encryption features).
## Mitigations
- **For Financial Crime:** Increased vigilance against investment and BEC scams.
- **For Browser Privacy:** Users can manually disable third-party cookies in Chrome or switch to privacy-friendly browsers (e.g., Safari, Firefox, Brave).
- **For Google Workspace E2EE:** Security experts warn that users engaging with external recipients must be highly cautious regarding invitation links for new encrypted emails, as these may be leveraged by phishing actors.
## Conclusion
The financial impact of cybercrime reached historic highs in 2024, driven primarily by investment fraud and BEC, demanding heightened organizational and individual security controls. Concurrently, privacy expectations are tempered by Google's decision to retain third-party cookies in Chrome, necessitating proactive user action to maintain digital privacy while browsing.