Recent headlines like the Colonial Pipeline Ransomware attack confirm that cybercrime is on the rise with no end in sight. The need for A cryptocurrency (or crypto currency) is a digital asset des... More intelligence built from immutable A blockchain—the technology underlying bitcoin and other c... More data has never been clearer.
Attacks on critical infrastructure and financial institutions have accelerated at an alarming rate. The Biden administration has stated that “cybersecurity resilience” is now a high priority for the US government. A recent US Security Directive “requires owners and operators of Transportation Security Administration (TSA)designated critical pipelines to adopt measures to protect against ransomware attacks and other threats.”
“There are responsibilities for the US government as well as private industries to defend their own information and networks,“ advised Carole House, Director of the National Security Council during the ACFS FinCrime Virtual Event.
Events like the Colonial Pipeline attack have made it clear that what Ms. House calls “basic cyber hygiene ” needs to be implemented. Without adequate preventive security, criminals are getting into critical infrastructure networks. Cyberattacks typically result in economic and reputational damage that has far-reaching effects on the viability of any business.
Cybersecurity protection & preparedness tips
As a Cybersecurity expert, Ms. House advised the following preventive measures:
- Backing up your systems (ie: disaster recovery) , including your images and data configurations
- Regularly testing your back-up plans to make sure they are in working order for effective business continuity
- Frequent update and patching of your IT & network systems
- Creating an incident response planning and testing plan on a regular basis
- Segmenting your networks
Taking any of these preventive measures, before a cyberattacks occurs, helps organizations defend against cyber hacks. It’s critical for organizations to have a plan for what Ms. House calls a “timely remediation” of a cyberattack. Focused investigation and preventative measures are necessary. Organizations need to understand what the scope and impact of a cyberattack could be and make them part of a business continuity plan.
Financial crime compliance programs and monitoring tools
Cybercrime is basically the act of criminals trying to monetize what has been protected or private information. These criminal acts range from the theft of intellectual property to capturing specific credentials that can be used in “credential stuffing attacks.” Another tactic is capturing sensitive PPI that can be used to establish digital identity that aids in for account takeover theft or other types of fraud. Therefore, it is critical to have some type of financial transaction monitoring in place. This tracing capability can be a game changer in the event of cybercrime.
Security recommendations for financial compliance professionals
“At some point, it’s likely that there is a transaction going through your ecosystem that has something to do with financial crime. There is a really unique picture that you can offer related to these criminal networks,” Ms. House told event attendees. “The unique aspect of criminal networks and cybercrime come when you’re looking at attribution via money laundering channels and cybercrime channels. You may notice very different skills sets used in different networks.”
Noticing these trends and monitoring suspicious activity is a necessity in the investigation of criminal attacks. If you see IOCs (indicator of compromise) that are in any way targeting financial institutions networks especially one trying to “effect, conduct or facilitate a transaction,” that transaction may merit investigation and even filing a suspicious activity report.
One of the unique roles that US financial institutions play is their ability to leverage the capabilities that they have for reporting cyber incidents.
“There is an opportunity for compliance professionals to work with the security centers and to find those indicators of compromise, malicious URLs, e-mail addresses, PII addresses and time stamps associated with these malicious logins. When you’ve identified that there’s an account takeover that has occurred or if you’ve found out that a financial institutions customer was defrauded through business email compromise fraud, “ noted Ms. House.
Any information of this nature that compliance professionals can provide about these malicious communications is critical to supporting FinCEN and law enforcement. Ms. House urged that any “relevant information that financial institution may have from their security information centers should be shared to help all institutions be prepared to defend against a cyberattack.”
Cryptocurrency and financial crime
Just as any financial asset has the possibility to be exploited, so do cryptocurrencies and digital assets. There are always vulnerabilities that criminals can find. Criminals seem to favor cryptocurrencies as the method of payment in the commission of a crime or in the request for ransomware. When dealing with cybercrime it is very likely that cryptocurrency has been used for money laundering. What was once viewed as only being a wire transfer problem, has now extended to automated clearing house( ACH) transfers and even the use of gift cards. Cryptocurrency has become more attractive to criminals because of the efficiency of crypto cross-border transfers and the speed of crypto transactions. These features are attractive to money launders that may be trying to fund terrorist or illegal activities. However, cryptocurrency provides “additional traceability and partnership to be able to identity illicit financial trails and to hold actors accountable,” said Ms. House. “There are positives and negatives with these assets.”
The Financial Asset Task Force (FATF) Travel Rule recommendation and Virtual Asset Providers
The standards currently proposed under FATF’s Travel Rule Recommendation 16 are “critical to combat money laundering trails” says Ms. House. Criminals have been known to jump jurisdictions with no concern for country borders. Because there are pros and cons of transferring cryptocurrencies, Ms. House believe that there is a need for the appropriate controls not only at the governmental level, but also at a technology level. One of the ways technology can help is by offering a consistent global response to cybercrime and money laundering.
Building a global coalition on cybercrime
In her closing remarks at ACFCS FinCrime Virtual Conference, Ms. House reinforced how essential it is to work with partners to share best practices, as well as data, in order to stop cybercrime and ransomware. Global organizations need to cooperate with each other on sanctions and prosecutions to combat illicit activities. Towards this end, the US National Security Council is working to build a global coalition to combat and prevent cybercrime. One of the goals is to hold countries like Russia and China accountable for the roll in cyberattacks and the Microsoft Exchange Server violations.
There have been many published advisories about the benefits of spotting activities. Ms. House recommends that financial institutions and governments stay up to date on the most recent recommendations and regulations, as well as comply with existing regulations like the Safe Harbor Act (314b) & the US Cyber Information Sharing Act.
“One of the key initiations of the US White House National Security Council is to lead these global coalitions to stop financial crime. This includes working with the UN, our G7 partners and our “Five Eye” partners, committing to working together collaboratively to combat ransomware and other cybercrime activities,” explained Ms. House. “We even worked with NATO and supported a new comprehensive cyber defense policy reaffirming that the US’s ironclad commitment still exists to collective defense under Article 5, still applying in cyberspace just as it does in non-cyber domains.“
To hear more from Carole House, Director of Cybersecurity for White House National Security Council, listen to her recorded session at FinCrime Virtual Week.
About Carole House
Carole House is an experienced cybersecurity and risk management professional with a demonstrated background in U.S. military intelligence and the Federal executive and legislative branches of government who is committed to protecting people. Ms. House is currently the Director of Cybersecurity with the White House National Security Council. She is skilled in cybersecurity and emerging technology policy, security operations and risk management, unconventional warfare, and strategic and operational planning. She has a strong research backgrounds and holds a Master of Arts (M.A.) focused in Security Studies from Georgetown University.