News & Press: ACFCS News

ACFCS Cyber Spotlight: Key actions to analyze, resources to help strengthen virtual vaults

Thursday, November 29, 2018
Posted by: Brian Monroe

By Brian Monroe
bmonroe@acfcs.org
November 29, 2018

At ACFCS, we know that strengthening cyber resources is a year-round effort, even though October – a month devoted to cyber hygiene – is a recent memory. Criminals, hackers and fraudsters, however, will still be trying to make sure you have a lot less to give thanks for this month.

That’s why ACFCS, apart from sharing key insights to members in recent weeks, is offering some trend and resource highlights, including unlocked content, to help ensure this won’t be a November to remember for all the wrong reasons.

Fortunately, one of the most powerful tactics to defeat hackers is strengthening defenses against the primary way they get in in the first place – human error. This is something the FBI is trying to address on its site to promote better cyber awareness this month. To view all of the agency's tips, please click here.

Overall, roughly 90 percent of successful cyberattacks have an element of human error: someone unknowingly clicking on a diseased link, an IT person failing to patch and update a system immediately or a firm failing to back up a system and house the data in a secure offline area. This can take a common breach or ransomware assault from a minor inconvenience to a total catastrophe. 

However, even the most devilish data breach is just one part of the illicit criminal triangle: criminals still have to monetize the stolen information and then get those funds to an area they control.

That’s why many large domestic and international financial institutions are analyzing or actively converging their anti-money laundering (AML), fraud, risk management and cybersecurity teams to prevent internal mistakes from leading to a data breach or a business email compromise (BEC) attack and better identify when suspicious transactions are tied to criminal hacking groups.

Here are some key stories and resources to better safeguard your institution and improve cyber hygiene standards:


U.S. securities chief chastises companies for lax cyber practices in BEC attacks

The Securities and Exchange Commission (SEC) tackled the soaring issue of business email compromise (BEC) attacks, analyzing whether companies involved in these crimes – which spoof email addresses and completely evade cybersecurity protocols by taking advantage of the human element – are victims of criminal schemes, or if they themselves should be punished for not having the proper cyber defenses or training in place.

In this case, the SEC sent a message that firms should ensure that broad financial crime training, including proper cyber hygiene, went down to the individuals involved with transactions, wires and updating vendor details. To read the full report from the SEC, click here. (via the SEC)

First new U.S. government cybersecurity strategy in more than a decade focuses on more rigorous defense, more aggressive offense to punish hackers, foreign adversaries

America’s public and private networks are threatened daily by criminals, terrorists, and foreign adversaries. In the face of growing threats, the Federal Government has the responsibility to do its part to ensure America has the best cybersecurity in the world. Failures to prioritize cybersecurity by both government and industry have left our Nation less secure, according to the White House.

As a result, the President recently signed the National Cyber Strategy—the first fully articulated cyber strategy for the United States since 2003. These are the key tenets on which we build this National Cyber Strategy:

· Protection: Take specific steps to secure Federal networks and information, secure critical infrastructure, combat cybercrime, and improve incident reporting.

· Promotion: Support a vibrant and resilient digital economy, foster and protect American ingenuity, and develop a superior cybersecurity workforce.

· Disruption: We will identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to our national interests. Enhance cyber stability through norms of responsible state behavior, attribution of unacceptable behavior in cyberspace, and the imposition of costs on malicious cyber actors.

· Preservation: Preserve the long-term openness, interoperability, security, and reliability of the Internet, while supporting market growth for infrastructure and emerging technologies and building cyber capacity internationally.

To read more, click here.


In aftermath of historic Equifax breach, cyber risks to banks rise as well as consumers

In this story, ACFCS looks at the aftermath of one of the worst data breaches in U.S. history, an incursion that exposed the sensitive personal and financial details of more than half the country's population.

The story concluded, however, that it is not only consumers who must be wary – financial institutions could also find themselves even more vulnerable to targeted phishing and malware attacks. To read an ACFCS sidebar on tips for consumers and banks, please click here.

Financial, business and personal aftershocks are still reverberating from the revelation by Equifax – part of the triune of credit reporting bureaus – that hackers took advantage of an unpatched security flaw to steal data on 143 million people.

The historic breach is largely the result of human error, reportedly due to an employee not patching a system when one was available months prior.

The attack is likely to impact financial institutions both indirectly and directly. As criminal groups parse through the data, they may find employees working at large financial institutions – particularly those with executive positions, purview over large wires or staffers with high-level cyber clearances – and barrage them with mass phishing attacks, or more targeted spear phishing and business email compromise attacks. To read the full story, please click here.


 

Cybersecurity statistics: Hacks, breaches and malware, oh my!

· The average global cost of cybercrime is rising: Due to our increased reliance on data and connectivity, the global cost of cybercrime will increase to $2 trillion by 2019.

· Breaches cost more than ever: There has been a 29 percent increase in the total cost of data breaches since 2013, with the average consolidated total cost of a data breach now estimated at $4 million.

· Average number of attacks per company, per year: Two successful cyber attacks per week, losing an average of $9.5 million annually ($17 million in the US).

· Cost of recovery: The mean number of days to resolve cyber attacks is 46 with an average cost of $21,155 per day – or a total cost of $973,130 over the 46-day remediation period.

· Cost of data stolen: The estimated average cost of each stolen record is $158. That’s every bank account, every password, every social account, every print job…

· Backup and recovery: Advanced back-up and recovery reduces loss by $2 million annually.

Source: Tektonika


Here are some critical cyber countermeasures, 'Game of Thrones' style, to gird systems

In this story, a sidebar to a piece about the breach of media juggernaut HBO, ACFCS offered some vital ways to better protect yourself from cyberattacks, driving home the point using comparisons inspired by fantasy adventure “Game of Thrones.”

To read the main ACFCS piece analyzing the recent hack of HBO, using the media giant's massively popular series "Game of Thrones" as leverage to extort more than $7 million in untraceable Bitcoin, please click here.

One example: How do you keep out hackers, just like Westeros keeps out the Wildlings? You wall it off.

Cyber experts say that for most companies, it’s a question of when, not if, they will be hacked. But to improve cyber resilience, and not break the bank, firms should do a cyber risk assessment to find gaps before hackers do, and determine how different systems and information are being protected.

They can then focus on shoring up those areas and putting the most valuable intellectual properties behind the most secure areas – potentially even in a walled off area disconnected from the network – and restricting access to only a select few with the highest permissions.

That way, even if a hacker gets in, he won't be able to get far or do any real damage to the company, or, as in the case of HBO, get something to hold as ransom for millions of dollars.

To read the full story, please click here.


New EU cybersecurity directive to bolster bank cyber defenses

In this story from July 2016, ACFCS analyzed a new European Union directive to strengthen financial institution cyber countermeasures.

The finalized rules created the first ever national system requiring member states to better identify, respond to and report cyberattack incidents, give authorities the power to audit programs and levy penalties and give investigators more avenues to collect and share information on broader attack patterns. More recently, New York created the first ever state-wide cybersecurity standards.

In all, the European Parliament and Council of the European Union’s final “Security of Network and Information Systems (NIS) Directive” is an expansive, ambitious initiative that created minimum, auditable standards and expectations to thwart criminal hackers and hacktivist groups.

The new directive also gave firms and the government greater sharing powers to identify cyberattack patterns, put new requirements on companies to report breaches and created cyber security incident response teams to more swiftly and effectively respond to attacks in multiple member states.

To read the full story, please click here.


Ransomware resources:

In this ACFCS story, we noted that in the fight against ransomware, updated systems and offline backups are critical defense and recovery stratagems. We detail the top 10 things to do in an attack. Some highlights of the story include:

- Don’t pay – or you will end up paying more: In ransomware attacks, even if the person pays, the attackers may still hold some or all of their systems hostage or attack again at another time, starting the cycle again. Try to remember, as official and polished as these criminals may make their “tech site help” look, they are still criminals and just want your money.

- Don’t give attackers permission – by restricting permissions: Construct your system so that only certain individuals with certain rights, privileges and passwords can access or make changes to more critical parts of the computer or network. That way you can limit users’ ability to install and run unwanted software, which may prevent the spread of malware to one or more computers. The mantra should be the lowest privilege gets least access to the system.

- They found flaws in your system – now look for flaws in theirs: If you didn’t back up your system, there could be some options to unlock and recover your data. Not all ransomware is foolproof – tools exist to help with diagnosis and unlocking. First, figure out the variant – ID Ransomware is one tool. Then, find a decrypter from Avast, Kaspersky, AVG and others.

To read the full story, please click here.


This ACFCS “Resource Roundup” offers eight open source avenues to bolster cyber programs, practices and knowledge.

Some examples:

Secure Password by Kaspersky: A straightforward tool to check the strength of passwords and get tips to make these virtual gateways harder for criminals to crack. https://password.kaspersky.com/

Have I Been Pwned?: This site searches for any data, including names and email addresses, that have been released or associated with any known data breaches. For instance, you can look up and see if your email address has popped up tied to bank accounts, such as JPMorgan, Yahoo email or even Ashley Madison. https://haveibeenpwned.com/

Kaspersky Cyberthreat Map: This is arguably one of the most well-known cyber threat attack maps and, consequently, is also one of the most sophisticated and entertaining. It breaks down types of attacks, the countries where attacks originate and those being attacked, and other critical data points. The site displays a three-dimensional earth array with colorful fusillades of cyberattacks launching to destinations the world over.

To read the whole story, please click here.


This is a great guide by ACFCS partner and Cybint Chief Executive Officer Roy Zur, appropriately titled Cyber Security: A Short Guide for Financial Institutions of a Ransomware Attack

In May 2017, the world experienced one of the largest “Ransomware” attacks in history, called “WannaCry.” The ransomware hit dozens of countries around the world, causing damage to critical infrastructures within hospitals and public transportation, and to businesses including law firms and financial institutions.

Since 2016, cyber attacks through Ransomware have grown exponentially, and now surpass all other forms of malware as the number one menace to cyber assets and the technology infrastructure. The rise of Bitcoin (digital untraceable payments) has contributed greatly to the increasing popularity of Ransomware among hackers.

Here are some tips to protect institutions, clients and yourself:

a. Know your “Cyber Rating” and improve cyber awareness. Some 95 percent of all security incidents involve human error, so the first stage is to identify the main human factor gaps in the organization. At Cybint, we offer a free assessment for you and your organization to gain the insights you need here: http://www.cybintsolutions.com/assessment.

b. Update your system regularly. Many of the updates you get to your computer or smartphone are security updates. It means that the company (for example Microsoft) identified a security breach, and asked you to update your system to avoid this breach. The same update was released to hackers, who will be looking for the “weakest links.” Most of those weakest links are people, perhaps like you, who didn’t have the time to update their system until it was too late.

c. Avoid unfamiliar websites. Before entering an unfamiliar website, you should check its trustworthiness. There are online tools available to help you do this, such as https://www.mywot.com/, and lists of dangerous websites, such as https://www.malwaredomainlist.com.

For the full story, please click here.

Webinar warriors

ACFCS has also covered cybersecurity risks and defenses in a bevy of webinars. This resource is available to ACFCS Members. After clicking on the link, simply hit the “launch” button to begin the roughly hour-long webinar. Here is a list of webinar titles and their corresponding link:

· The Rise of Advanced Cyber Threats – Protecting Against State-Sponsored Hackers, Organized Cybercrime and other Sophisticated Attacks. To view this webinar, please click here.

· Cybersecurity and Compliance: How to Keep Pace with Cyber Threats. To view this webinar, please click here.

· Cyber Fraud: Assessing and Mitigating Internal and External Threats. To view this webinar, please click here.

· Cyber Preparedness Exercises: Laying the Foundation for Cybercrime Resilience. To view this webinar, please click here.

· Cybercrime and Cyber Intelligence: The Sword and Shield for Financial Crime Professionals. To view this webinar, please click here.

· Quick Tips: Business Email Compromise - Responding to a Growing Cybercrime Threat. To view this webinar, please click here.

