National Cybersecurity Awareness Month: ACFCS offers key analysis, resources to respond, recover
Wednesday, October 11, 2017
Posted by: Brian Monroe
It’s appropriate that October is National Cybersecurity Awareness month, as hackers have become modern day terrors keeping banks, corporations and individuals up at night, in recent years achieving virtual feats that are downright terrifying.
Whether backed by organized criminal groups, harlequin hacktivists or nation state regimes, these groups can seemingly emulate many of the qualities of the undead denizens in the best of horror movies – from ghoulish ghosts, easily phasing through the most fortified firewalls, to night of the living dead, creating zombie computers to spread virulent code.
Recently, one of the most insidious tactics by cyber attackers is actually less “Walking Dead” and more “Invasion of the Body Snatchers.” Attackers study and impersonate top officials in a company to create emails seemingly coming from them – called business email compromise attacks – to dupe targets into sending money straight to their hollow shell companies.
Now, in the aftermath of the Equifax hack last month – just the latest in a string of high-profile breaches puncturing many of the nation’s largest banks, retailers and government data hubs – cyber attackers currently have access to the personally identifiable information of what is estimated to be billions of people. The information leaked is more than enough to steal your identity or create synthetic versions of you to do their bidding.
Yes, absolutely, which is why ACFCS is sharing some key resources, stories and webinars to help you – individually or as part of a company or financial institution – protect yourself, be more responsive if an attack takes place and better recover if the inevitable infiltration occurs.
Fortunately, one of the most powerful tactics to defeat hackers is strengthening defenses against the primary way they get in in the first place – human error. This is something the FBI is trying to address on its site to promote better cyber awareness this month. To view all of the agency's tips, please click here.
Overall, roughly 90 percent of successful cyberattacks have an element of human error: someone unknowingly clicking on a diseased link, an IT person failing to patch and update a system immediately or a firm failing to back up a system and house the data in a secure offline area. This can take a common breach or ransomware assault from a minor inconvenience to a total catastrophe.
However, even the most devilish data breach is just one part of the illicit criminal triangle: criminals still have to monetize the stolen information and then get those funds to an area they control.
That’s why many large domestic and international financial institutions are analyzing or actively converging their anti-money laundering (AML), fraud, risk management and cybersecurity teams to prevent internal mistakes from leading to a data breach or a business email compromise (BEC) attack and better identify when suspicious transactions are tied to criminal hacking groups.
Here are some key stories and resources to better safeguard your institution and improve cyber hygiene standards:
In aftermath of historic Equifax breach, cyber risks to banks rise as well as consumers
In this story from last month, ACFCS looks at the aftermath of one of the worst data breaches in U.S. history, an incursion that exposed the sensitive personal and financial details of more than half the country's population.
The story concluded, however, that it is not only consumers that must be wary – financial institutions could also find themselves even more vulnerable to targeted phishing and malware attacks. To read an ACFCS sidebar on tips for consumers and banks, please click here.
Financial, business and personal aftershocks are still reverberating from the revelation by Equifax – part of the triune of credit reporting bureaus – that hackers took advantage of an unpatched security flaw to steal data on 143 million people.
The historic breach is largely the result of human error, reportedly due to an employee not patching a system when one was available months prior.
The attack is likely to impact financial institutions both indirectly and directly. As criminal groups parse through the data, they may find employees working at large financial institutions – particularly those with executive positions, purview over large wires or staffers with high-level cyber clearances – and barrage them with mass phishing attacks, or more targeted spear phishing and business email compromise attacks. To read the full story, please click here.
Cybersecurity statistics: Hacks, breaches and malware, oh my!
· The average global cost of cybercrime is rising: Due to our increased reliance on data and connectivity, the global cost of cybercrime will increase to $2 trillion by 2019.
· Breaches cost more than ever: There has been a 29 percent increase in the total cost of data breaches since 2013, with the average consolidated total cost of a data breach now estimated at $4 million.
· Average number of attacks per company, per year: Two successful cyber attacks per week, losing an average of $9.5 million annually ($17 million in the US).
· Cost of recovery: The mean number of days to resolve cyber attacks is 46 with an average cost of $21,155 per day – or a total cost of $973,130 over the 46-day remediation period.
· Cost of data stolen: The estimated average cost of each stolen record is $158. That’s every bank account, every password, every social account, every print job…
· Backup and recovery: Advanced back-up and recovery reduces loss by $2 million annually.
Here are some critical cyber countermeasures, 'Game of Thrones' style, to gird systems
In this August story, a sidebar to a piece about the breach of media juggernaut HBO, ACFCS offered some vital ways to better protect yourself from cyberattacks, driving home the point using comparisons inspired by fantasy adventure “Game of Thrones.”
To read the main ACFCS piece analyzing the recent hack of HBO, using the media giant's massively popular series "Game of Thrones" as leverage to extort more than $7 million in untraceable Bitcoin, please click here.
One example: How do you keep out hackers, just like Westeros keeps out the Wildlings? You wall it off.
Cyber experts say that for most companies, it’s a question of when, not if, they will be hacked. But to improve cyber resilience, and not break the bank, firms should do a cyber risk assessment to find gaps before hackers do, and determine how different systems and information are being protected.
They can then focus on shoring up those areas and putting the most valuable intellectual properties behind the most secure areas – potentially even in a walled off area disconnected from the network – and restricting access to only a select few with the highest permissions.
That way, even if a hacker gets in, he won't be able to get far or do any real damage to the company, or, as in the case of HBO, get something to hold as ransom for millions of dollars.
To read the full story, please click here.
New EU cybersecurity directive to bolster bank cyber defenses
In this story from July 2016, ACFCS analyzed a new European Union directive to strengthen financial institution cyber countermeasures.
The finalized rules created the first ever national system requiring member states to better identify, respond to and report cyberattack incidents, give authorities the power to audit programs and levy penalties and give investigators more avenues to collect and share information on broader attack patterns. More recently, New York created the first ever state-wide cybersecurity standards.
In all, the European Parliament and Council of the European Union’s final “Security of Network and Information Systems (NIS) Directive” is an expansive, ambitious initiative that created minimum, auditable standards and expectations to thwart criminal hackers and hacktivist groups.
The new directive also gave firms and the government greater sharing powers to identify cyberattack patterns, put new requirements on companies to report breaches and created cyber security incident response teams to more swiftly and effectively respond to attacks in multiple member states.
To read the full story, please click here.
In this ACFCS story, we noted that in the fight against ransomware, updated systems and offline backups are critical defense and recovery stratagems. We detail the top 10 things to do in an attack. Some highlights of the story include:
- Don’t pay – or you will end up paying more: In ransomware attacks, even if the person pays, the attackers may still hold some or all of their systems hostage or attack again at another time, starting the cycle again. Try to remember, as official and polished as these criminals may make their “tech site help” look, they are still criminals and just want your money.
- Don’t give attackers permission – by restricting permissions: Construct your system so that only certain individuals with certain rights, privileges and passwords can access or make changes to more critical parts of the computer or network. That way you can limit users’ ability to install and run unwanted software, which may prevent the spread of malware to one or more computers. The mantra should be the lowest privilege gets least access to the system.
- They found flaws in your system – now look for flaws in theirs: If you didn’t back up your system, there could be some options to unlock and recover your data. Not all ransomware is foolproof – tools exist to help with diagnosis and unlocking. First, figure out the variant – ID Ransomware is one tool. Then, find a decrypter from Avast, Kaspersky, AVG and others.
To read the full story, please click here.
This ACFCS “Resource Roundup” offers eight open source avenues to bolster cyber programs, practices and knowledge. Some examples:
Secure Password by Kaspersky: A straightforward tool to check the strength of passwords and get tips to make these virtual gateways harder for criminals to crack. https://password.kaspersky.com/
Have I Been Pwned?: This site searches for any data, including names and email addresses, that have been released or associated with any known data breaches. For instance, you can look up and see if your email address has popped up tied to bank accounts, such as JPMorgan, Yahoo email or even Ashley Madison. https://haveibeenpwned.com/
Kaspersky Cyberthreat Map: This is arguably one of the most well-known cyber threat attack maps and, consequently, is also one of the most sophisticated and entertaining. It breaks down types of attacks, the countries where attacks originate and those being attacked, and other critical data points. The site displays a three-dimensional earth array with colorful fusillades of cyberattacks launching to destinations the world over.
To read the whole story, please click here.
This is a great guide by ACFCS partner and Cybint Chief Executive Officer Roy Zur, appropriately titled Cyber Security: A Short Guide for Financial Institutions of a Ransomware Attack
In May 2017, the world experienced one of the largest “Ransomware” attacks in history, called “WannaCry.” The ransomware hit dozens of countries around the world, causing damage to critical infrastructures within hospitals and public transportation, and to businesses including law firms and financial institutions.
Since 2016, cyber attacks through Ransomware have grown exponentially, and now surpass all other forms of malware as the number one menace to cyber assets and the technology infrastructure. The rise of Bitcoin (digital untraceable payments) has contributed greatly to the increasing popularity of Ransomware among hackers.
Here are some tips to protect institutions, clients and yourself:
a. Know your “Cyber Rating” and improve cyber awareness. 95 percent of all security incidents involve human error, so the first stage is to identify the main human factor gaps in the organization. At Cybint, we offer a free assessment for you and your organization to gain the insights you need here: http://www.cybintsolutions.com/assessment.
b. Update your system regularly. Many of the updates you get to your computer or smartphone are security updates. It means that the company (for example Microsoft® for Windows) identified a security breach, and asked you to update your system to avoid this breach. The same update was released to hackers, who will be looking for the “weakest links.” Most of those weakest links are people, perhaps like you, who didn’t have the time to update their system until it was too late.
c. Avoid unfamiliar websites. Before entering an unfamiliar website, you should check its trustworthiness. There are online tools available to help you do it, like https://www.mywot.com/, and lists of dangerous websites, like https://www.malwaredomainlist.com.
For the full story, please click here.
ACFCS has also covered cybersecurity risks and defenses in a bevy of webinars. This resource is available to ACFCS Members. After clicking on the link, simply hit the “launch” button to begin the roughly hour-long webinar. Here is a list of webinar titles and their corresponding link:
· The Rise of Advanced Cyber Threats – Protecting Against State-Sponsored Hackers, Organized Cybercrime and other Sophisticated Attacks. To view this webinar, please click here.
· Cybersecurity and Compliance: How to Keep Pace with Cyber Threats. To view this webinar, please click here.
· Cyber Fraud: Assessing and Mitigating Internal and External Threats. To view this webinar, please click here.
· Cyber Preparedness Exercises: Laying the Foundation for Cybercrime Resilience. To view this webinar, please click here.
· Cybercrime and Cyber Intelligence: The Sword and Shield for Financial Crime Professionals. To view this webinar, please click here.
· Quick Tips: Business Email Compromise - Responding to a Growing Cybercrime Threat. To view this webinar, please click here.