And other cybersecurity incidents, from the FBI.
A series of cyberattacks across Texas, including some in the Houston region, are part of a growing statewide and national trend of increasingly sophisticated groups working through computers to steal money and information, according to officials in the FBI.
In 2022, for instance, the FBI received more than 21,800 complaints of a cyberattack called a business email compromise scheme, totaling around $2.7 billion in reported losses, said Connor Hagan, a spokesperson for the FBI’s office in Houston. Of that total, around 1,900 were in Texas with about $260 million in losses. That’s an increase from about 1,600 victims in Texas as recently as 2020, according to FBI data.
“The fraudsters have become more sophisticated,” Hagan said. “And because they’re continuing to evolve, we’re seeing new things each day.”
The FBI tips comprise just one type of cyberattack, Hagan said. Ransomware attacks accounted for another 2,300 complaints totaling more than $34.4 million in losses.
Texas ranked third in the number of total victims of internet crimes and fourth in the reported losses from those schemes, according to the FBI’s 2022 Internet Crimes Report.
Several other Texas-based institutions have been affected by ransomware attacks in recent months. Cybercriminals use malware software to prevent institutions from accessing files on their computers, which they can then use to demand a ransom or auction off to the highest bidder.
Stephen F. Austin University, for instance, was hit by a ransomware attack from a group called Rhysida, according to the Nacogdoches Daily Sentinel. The same group later claimed responsibility for stealing personal data from Lumberton ISD, according to the Beaumont Enterprise.
Some part of the uptick in cybercrimes in Texas is just because of the growth of technology in recent years, Hagan said. But cybercriminals have also tended toward the schemes because they are relatively easy to execute and profitable, he said. Many of those committing them tend to live overseas, such as Knighten in Brazil, which makes prosecuting them harder.
See here for more on the SFA attack. As a pedantic matter, “malware” is a portmanteau of “malicious software”, so “malware software” (which I’ve never seen anyone say) is redundant. I keep writing about this stuff because I continue to be worried that the vast majority of our local government entities are not prepared for or well defended against a serious cyber attack. Remember what happened to Dallas, y’all. This is bad. The real problem is that making it less bad is expensive and time consuming, and very few local government entities are even modestly well-positioned for that. We really need another truckful of federal funds to address this, but that ain’t happening right now. I just hope we’re not trying to dig out from the wreckage when we do finally get around to doing something about it.