FBI Cyber Crime Briefing: Five Big Risks for Business Leaders
FBI Cyber Crime Briefing: Five Big Risks for Business Leaders
Protek recently sponsored a special briefing from cyber security experts at the FBI. The event, Cyber Crime 101: FBI Cyber Security Webinar is available on-demand here.
This cyber crime briefing featured Supervisory Special Agent, Elvis Chan, from the FBI’s San Francisco, CA field office. Special Agent Chan explored the various cyber security risks to businesses, both big and small. Next, he shared best practices and proactive steps business leaders can take to help defend their employees and organizations.
Here are the five biggest cyber crime risks the FBI is seeing today.
1. Identity Theft
Identity theft occurs when criminals steal the identity of an individual and use real information about that individual to open credit cards or financial accounts for the purpose of committing financial fraud. In some cases, identity theft can also be used in more sophisticated social engineering attacks on companies. Once a criminal has stolen someone’s identity, they can commit any number of different fraudulent activities, including leveraging the stolen identity to solicit information from colleagues, friends, or family. While most people think about identity theft as a personal problem only, businesses also need to stay vigilant. Companies should help educate their employees on the risks of identity theft, both to individuals and their organizations.
Special Agent Chan noted that some forms of identity theft are on the decline. Financial institutions have developed powerful technology to detect the suspicious behavior of identity theft actors and stop the activity early in the process. Not to be deterred, cyber criminals have innovated new ways of exploiting people’s identities, namely with “synthetic identity theft.” Under this approach, the criminals combine snippets of legitimate information about real people into new synthetic identities, by combining names and addresses into entirely new, fictitious people. With these new synthetic identities, the criminals can slowly start building up accounts and customer profiles around these fictitious people. They bide their time before they move on to bigger frauds like opening credit cards under the fictitious names to steal funds. This latter form of identity theft is currently a growing problem, since current technologies have trouble detecting it.
2. Business Email Compromise (BEC)
Business Email Compromise (BEC) is using business email as a means of conducting financial fraud, usually through a sophisticated social engineering attack. In most BEC cases, the goal of the fraud is leverage business email to induce a company employee to mistakenly wire funds to an external organization or individual.
One of the most common BEC attacks, the cyber criminal will craft a new email address that looks deceptively similar to the legitimate email address of the company. With this fake email address, the criminal will then pose as an executive, CEO, or other high ranking officer in the company and attempt to get an accounts payable employee to wire funds or to pay a fraudulent invoice. The criminal will have gathered relevant information about the person they are impersonating, to perpetuate the fraud and appear convincing. They will also exploit the power dimension inside organizations by preying on the fear of front line employees to question executive orders. In many of these cases, the criminal posing as the CEO will force the front line employee to rush their job and quickly wire funds, because there is some sort of urgent emergency requiring the funds. Many employees will fall for this type of fraud.
There are various ways to combat the BEC problem. Company executives should be mindful of oversharing personal information on social media. This data can be used by cyber criminals to impersonate them. Companies should train their staffs on cyber security risks and common types of fraud. Policies should be in place to confirm transactions over a certain size via a telephone call, or other confirmation workflows. Finally, all employees should be educated to be cautious and double check suspicious activity, even when requests come from top officers.
Ransomware continues to plague businesses of all sizes. Agent Chan shared how ransomware mushroomed into $10 billion dollar problem in 2019. Ransomware attacks occur when one or more computers or servers in an organization is encrypted by the cyber criminals and then held hostage until a ransom is paid. The cyber criminal will nearly always request payment in hard-to-track electronic currencies. In most cases, after the ransom is paid the criminal will provide the company with the decryption keys to restore the computers or servers.
Ransomware causes downtime and extended business interruptions, while jeopardizing one of the most valuable assets of a company, it’s data. The FBI’s official recommendation is to never pay the ransom, since the funds flow to criminals who then victimize others. However, the FBI acknowledges that companies that fall prey to this attack are often insured and simply want to get back to normal operations.
As with all cyber security risks, a layered approach to security and defense is required with ransomware. One of the best ways to defend the organization, is to train all employees on the various cyber security risks and typical forms of attack. Phishing simulations can train staff on how to spot and detect common email-born attacks. It is also important to leverage content filtering, DNS security, and other zero-day defense mechanisms to prevent employees from visiting inappropriate and dangerous sites and to block suspicious activity whenever it occurs.
4. Cypto-mining Malware
While cyber criminals are often looking to steal funds or extort a ransom, at other times, they want to steal resources from organizations through sophisticated attacks that leverage the massive computing resources of certain kinds of companies. In the case of cypto-mining malware, the cyber criminals install malware that surreptitiously uses the compute power and electricity supplying a server farm. Cypto-mining is the process of mining additional units of cypto-currency. This is a built-in and legitimate part of the crypto world. Cypto currencies theoretically hold value by building in a scarcity factor, which forces miners to spend lots of compute resources to mine each new coin. Cyber criminals have discovered ways to mine new crypto-currency by hijacking the compute resources of legitimate companies.
All forms of layered cyber security defense, including malware detection, intrusion detection, and next-gen anti-virus can help organizations prevent the theft of their compute resources by fraudulent crypto miners.
5. Advanced Persistent Threats (APT)
Advanced Persistent Threats (APTs) are attackers with advanced skills and highly sophisticated methods for penetrating companies and causing harm. In many cases, APTs are nation-state actors and are bent on causing massive harm to larger organizations or governmental agencies. Generally, APTs look to evade detection and lie in wait for an opportune time to exfiltrate highly sensitive information, such as email archives, intellectual property or trade secrets, or to unleash an attack which can have a devastating impact on the victim.
Examples of APTs include the theft of $81 million dollars from the Central Bank of Bangladesh and the WannaCry ransomware cryptoworm, for which North Korea is considered the prime suspect.
The high level of sophistication of the attack is the main hallmark of APTs. When the stakes are high and the attackers are sophisticated, it often means companies need to employ the most advanced defense mechanisms, such as next-gen anti-virus, which employs machine learning and artificial intelligence, and managed detection and response, which leverages security operations staff to continuously monitor a company’s infrastructure for security incidents.
Protek stands ready to defend its clients against all of these sorts of attacks. New and existing clients are encouraged to meet with Michelle Lawson to arrange a cyber security risk assessment on a regular basis.