In late May, the U.S. Federal Bureau of Investigation (FBI) sent out an urgent alert: Reboot your router immediately! The reason? Russian cyber-actors had used malware to compromise hundreds of thousands of home and office router devices worldwide.
This is only one example of transnational cybercrime from threat-actors targeting unsuspecting users — and it is predicted that it will only get worse. “Cybercrime has no boundaries,” said Robert Villanueva, executive vice president of the cyber intelligence firm Q6 Cyber and director of the Florida International Bankers Association’s (FIBA’s) Technology Committee. “Cybercriminals are constantly targeting the financial sector, both organizations and customers.”
Why should we take Villanueva seriously?
Because he is the founder of the Cyber Threat Intelligence Division of the U.S. Secret Service. He retired from the Secret Service with more than 25 years of experience, during which he specialized in transnational cybercrimes, access device fraud, network intrusions, and identity theft data breaches affecting the private sector. Now, Villanueva will be moderating a panel titled “Current Trends in Cybercrime: A Law Enforcement Perspective” at the upcoming 33rd Annual Financial Cybersecurity Conference (CELAES), October 29-30 in Miami.
Current Threat Landscape
The biggest cybercrime threats targeting financial institutions come in two varieties: data breaches and daily malware attacks, such as credential-grabbing malware. In a data breach, the criminal targets a centralized database, hoping to steal valuable credit card or other personal identifying information. “Financial institutions are suffering from an economic standpoint when payment cards are being trafficked in vast numbers on the Dark Web and being resold in private forums and in carding shops internationally,” Villanueva said.
Malware attacks come in countless forms. The attack works by sending an email, known as a phishing email, which may look like it is from a trusted source such as your bank or even your phone provider, but which often has spelling errors and poor grammar. Perniciously, these emails can have a variety of subject lines such as “Resume Enclosed” or “Login Credentials Compromised” to prompt a response from the target.
A link will be enclosed in the email, and if you click on the link, whether from a desktop, laptop or even your smartphone, malicious software infects your device, and you’ve just given the criminal a way into your computer. It could be a keylogger, logging your keystrokes, or a credential-grabbing program designed to record or capture almost everything you are putting into your computer.
Websites may also be infected. For example, if an ecommerce website has been infected by malware and you log in, all your information, including your payment card number, will be captured and harvested by the malware. Your information is then relayed through a series of botnets, which are part of a worldwide criminal network of compromised computers, to its final destination, a command and control server overseas; all of this is controlled by the threat-actors themselves. These threat-actors can then access your online bank, retirement and/or investment accounts and successfully wire or transfer money out of them.
There is also ransomware, a type of malware that encrypts your hard drive or device and basically seizes up everything. The threat-actor then contacts the user, asking for a ransom in the form of cryptocurrencies to release your hard drive or device back to you. “If you pay the ransom, there is no guarantee you’ll get the data on your hard drive back,” Villanueva said. “You pay the ransom, and they sometimes don’t release the key or password to retrieve it.”
Who Are the Threat-Actors?
While threat-actors can come from all over the world, the clear majority reside in Eastern Europe in places like Russia and Ukraine. “By far the most notorious threat-actors are coming from Eastern Europe,” Villanueva said. “Hordes of cyberthieves are targeting banking customers in the Western world for financial gain.”
Just in case you think these bad actors are unsophisticated hackers in their parents’ basements, think again. They are highly skilled and highly educated individuals with specialized jobs: some are hackers; some are virus writers. But often, they have advanced-level computer science degrees (think Master’s degree and PhD levels).
Motives for Threat-Actors: Show Them the Money
There is a misconception that cybercriminals strictly work for hostile nation-states, acting as state-sponsored criminals for our enemies like Russia, Iran, or North Korea. The truth is, most are part of an organized crime syndicate, motivated by profit. “Occasionally they are employed by terrorist organizations (like Clan Barakat) to fund them, but the majority are simply cyberthieves,” he said.
The Justice Department and FBI in partnership continue to battle this serious threat, routinely issuing warrants for state-sponsored cybercriminals as a result of cyberattacks such as in the case of Park Jin Hyok.
Advice for Financial Services
Financial institutions need to be proactive in protecting their data by having actionable cyber-intelligence, Villanueva advised, adding that it’s important to know the type of malware that is targeting your customers, whether their devices are infected, and any newly discovered points of compromise.
Most importantly, financial institutions should be collaborating with law enforcement to stop cybercrime and should get to know their U.S. Secret Service Electronic Crimes Task Forces (there is one in every major metropolitan area), he said. “Information-sharing is of the utmost importance whether formally or informally,” Villanueva noted. “Sometimes just picking up the phone and knowing who to call in your region can disrupt the activity.”