Risk Management

Financial crime on the dark web on the rise, reveals new report

BY Fraser Tennant

Cyber criminals are increasingly and persistently targeting the financial services sector, particularly banking institutions, using the dark web, according to a new report by Searchlight Cyber.

In ‘Dark Web Threats Against the Banking Sector’, the dark web intelligence company outlines the tactics cyber criminals are using against banking institutions, highlighting the most prominent threats visible on the dark web.

According to the report, the most prominent threat is initial access broker posts, in which threat actors sell vulnerabilities such as remote network access, web shells, remote code execution and SQL injection (a cyber attack that injects malicious SQL code into an application, allowing the attacker to view or modify a database) on dark web forums for other cyber criminals, including ransomware operators, to exploit.

“We have observed threat actors that are known to be associated with ransomware groups interacting with initial access broker posts in this report,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “Knowledge is power, and identifying vulnerabilities being sold before the ransomware operator is able to successfully breach their organisation would be a huge win for defenders.”

Additional threats noted in the report include insider threats, where employees proactively advertise their ability to undermine the security of their organisation, as well as cyber criminals trying to recruit employees at banks, and threats against banks’ supply chains, in which criminals identify the banks that can be impacted in posts targeting their suppliers.

The report also explains how such dark web intelligence can be used by banks in security practices such as threat hunting, internal investigations and gathering intelligence on the tactics of specific cyber criminals.

“While a lot of the cyber criminal activity described in this report sounds alarming, the point of this research is not to scare banks,” said Jim Simpson, director of threat intelligence at Searchlight Cyber. “In fact, it is to demonstrate the opportunity that the dark web provides to identify threats earlier. Banks are always going to be a target for threat actors, but monitoring the dark web allows them a chance to spot criminal activity in the ‘pre-attack’ or planning stage and gives security teams valuable time to adjust their defences.”

Report: Dark Web Threats Against the Banking Sector

Cyber security: a race against time

BY Richard Summerfield

According to a report from Crossword Cybersecurity Plc, 61 percent of chief information security officers (CISOs) are only ‘fairly confident’ of managing their current threat exposure to cyber risks.

The report, ‘Strategy and collaboration: a better way forward for effective cybersecurity’, surveyed over 200 CISOs and senior UK cyber security professionals. Many respondents identified a ‘perfect storm’ of escalating cyber attacks combined with global tech innovation as the reason cyber security professionals are less confident in the adequacy of their cyber security provisions. Based on the findings, there is concern that cyber security strategies are not keeping pace with the rate of tech innovation and changes in the threat landscape.

“The picture painted by our research shows CISOs are in urgent need of a strategic rethink,” said Stuart Jubb, group managing director at Crossword Cybersecurity plc. “CISOs need to balance their cybersecurity operation’s daily load with managing the organisation’s long-term requirements. Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business-wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyberattacks.”

Crossword also asked CISOs about the technology trends they saw as being the most important and relevant over the next 12 months. Several technology categories stood out, with cloud transition and cyber in the cloud leading the way (41 percent), followed by cyber security mesh architecture (CSMA) (35 percent) and artificial intelligence (AI)/machine learning (31 percent).

Respondents also identified a number of other high-priority areas going forward: closing the cyber skills gap, since IT and cyber security teams can quickly become overwhelmed if the right expertise is not in place to manage the load; the challenge of gaining consistent and reliable ‘threat intelligence’; and securing digital identity. Respondents were divided over how to address these and other issues, particularly with respect to companies’ short-term cyber goals and the longer-term strategy of many UK organisations.

Report: Strategy and collaboration: a better way forward for effective cybersecurity

Rise of ransomware threats – Verizon

BY Richard Summerfield

The risk posed by ransomware attacks has increased significantly over the last year, according to the 15th annual Verizon 2022 Data Breach Investigations Report.

The report, which aims to increase awareness among organisations of what tactics threat actors are likely to use in data incidents and breaches, analysed 23,986 security incidents from 1 November 2020 to 31 October 2021, and found that ransomware attacks had increased by 13 percent in a single year in 2021, a jump greater than the past five years combined.

According to the report, organised crime continues to be a pervasive force in the world of cyber security, with four out of every five breaches attributed to it over the last 12 months. External actors were approximately four times more likely to cause breaches in an organisation than internal actors, the report notes. Furthermore, the coronavirus (COVID-19) pandemic, as well as ongoing and increasingly fraught geopolitical tensions, have also impacted cyber security, driving increased sophistication, visibility and awareness around nation-state affiliated cyber attacks.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time,” said Hans Vestberg, chief executive and chairman of Verizon. “But nowhere is the need to adapt more compelling than in the world of cybersecurity. As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”

Verizon also pinpointed the risk faced by supply chains. Supply chain issues have come to dominate the international economic landscape over the past year, and the cyber security space is no different. According to the report, 62 percent of system intrusion incidents came through a supply chain partner of the target organisation.

Twenty-five percent of total breaches were the result of social engineering attacks. The human element accounts for 82 percent of analysed breaches over the past year, including human errors and misuse of privilege. Specifically, human error is responsible for 13 percent of breaches according to the report. ‘Misconfigured cloud storage’ was reported to have been a key driver behind this increase. Stolen credentials and phishing were also dominant among the attacks involving human elements.

“Assess your exposure, mitigate your risk, and take appropriate action,” suggested Dave Hylender, lead author of the report. “As is often the case, getting the basics right is the single most important factor in determining success.”

News: Ransomware threat rises: Verizon 2022 Data Breach Investigations Report

Continuity and COVID-19

BY Richard Summerfield

The BCI, in association with FortressAS, has published a new report looking at how business continuity and resilience may develop following the disruption caused by the COVID-19 pandemic. ‘The Future of Business Continuity’ report outlines some of the most important lessons learned in the first half of 2020 and re-emphasises the importance of well-resourced business continuity professionals.

One of the report’s major themes is that many business continuity practitioners felt they were marginalised when key strategic decisions were being made in the early stages of the pandemic. Thirty-three percent of those surveyed for the report believe it is imperative that companies have a dedicated board member responsible for promoting resilience at all levels in the organisation. Respondents also believe that business continuity should not be subordinate to other departments, such as risk, for example.

As companies react to the developing COVID-19 crisis, business continuity has become central to the operations of many businesses. Many professionals expect this rising awareness to result in extra departmental resources going forward. Around 95 percent of those interviewed are confident of securing extra support for business continuity from a financial or resource perspective post-COVID, due to management’s increased awareness of the department during the crisis.

“COVID-19 may have shaken many organizations to their foundations, but it has highlighted the importance of business continuity as being at the core of an organisation’s resilience strategy,” said Rachael Elliott, head of thought leadership at The BCI. “Professionals are hopeful of greater attention at Board level going forward, and the pandemic has helped to act as a silo-breaker between different departments’ resilience strategies. We don’t have long to act though – respondents believe we have just six months to make these theoretical concepts into actionable processes within organizations before they are forgotten.”

Report: The Future of Business Continuity

DOJ releases revised compliance guidance

BY Richard Summerfield

This week the US Department of Justice (DOJ) issued a series of revisions to its ‘Evaluation of Corporate Compliance Programs’ which clarifies the new factors prosecutors may consider in the areas of risk management, policies and procedures, training and communications, mergers and acquisitions, and more in their evaluation of corporate compliance programmes.

Since the department first released guidance on how it evaluates corporate compliance programmes in 2017, there have been several revisions. Though the latest version leaves much of the substance of earlier versions unchanged, the most recent updates are in keeping with the agency’s efforts to improve its policies and provide transparency.

“The revised guidance on the Evaluation of Corporate Compliance Programs reflects additions based on our own experience and important feedback from the business and compliance communities,” said Brian Benczkowski, assistant attorney general of the DOJ’s Criminal Division, in a statement. “Although much of the substance of the prior version remains unchanged, the updates we have made are in keeping with our continued efforts as prosecutors to improve our own policies and practices to ensure transparency and the effective and consistent enforcement of our laws”.

One of the most telling changes has been in the section of the guidance concerning compliance programme structure, in which new language has been added to reflect how the Criminal Division assesses a company’s risk profile and offers solutions to reduce its risks. The new language states prosecutors will make a “reasonable, individualised determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program”.

There have also been notable revisions to the language requiring prosecutors to ask companies whether their compliance programme is “adequately resourced and empowered to function” effectively. In previous versions of the guidance, prosecutors were encouraged to ask if the compliance programme has been “implemented effectively”.

Furthermore, the revisions note that prosecutors will evaluate compliance programmes at the time a potential offence occurred and when a decision is made about bringing charges. This will enable them to track the steps taken by companies to prevent problems from reoccurring.

News: DOJ revises its Corporate Compliance Guidance

©2001-2024 Financier Worldwide Ltd. All rights reserved.