1

SERIOUSLY ORGANIZED CRIME: TACKLING CYBER ENABLED FINANCIAL FRAUD

SERIOUSLY ORGANIZED CRIME: TACKLING CYBER ENABLED FINANCIAL FRAUD Commercial organizations are under increasing attack from financial crime. And as those carrying out traditional fraud are adopting new techniques, that until recently were the domain of sophisticated cyber espionage groups, so commerce now has to manage a growing strategic risk to both their bottom-line and their brand reputation. Cyber enabled financial crime is here to stay.

Financial institutions around the world, and in particular payment and card processing systems, are under sustained and sophisticated attack. As financial services have gone online so we are now all potential victims of this new high-tech crime. We’re all familiar with the reality of a bank robber in the physical world breaking in and stealing large sums of money from a bank. It is now more common, as most of us now transact online, for criminals to steal credentials for e-banking services and use these to siphon off funds. What is less familiar to us, and increasingly common, is the act of breaking into an organization’s systems and transferring large amounts of money using a toolkit of remote access software and excellent social engineering skills. Tools and techniques that until recently were only used by those carrying out targeted cyber espionage are now an integral part of a traditional financial crime groups armoury. And these tools and techniques will quickly become more sophisticated and industrialized.

SO WHAT’S HAPPENING?There have been a small number of well publicized incidents targeting financial institutions in the last year where a financially motivated attack has been enabled by sophisticated cyber espionage techniques. This ‘convergence’ between traditional financial crime and cyber espionage tools has resulted in some financial institutions, and their customers, losing significant amounts of money. And this appears to be just the tip of the iceberg – many other similar incidents have not ‘gone public’. These attacks commonly use covert and highly targeted social engineering techniques to maximize the chances of the attack staying undetected until the target ‘payload’ is converted into money quickly and efficiently, often across multiple countries.

The recent indictment of five individuals in one of the largest cyber enabled financial fraud attacks highlights that this convergence between financial and cyber crime isn’t a future threat. It now sits at the center of criminal attempts to compromise the financial system today. Although a relatively small organized criminal gang, the attack was well-orchestrated and targeted at sensitive financial and personal data within financial institutions and retailers involved in financial transactions. While this use of cyber intrusion to collect card data isn’t new, the extent of the attack and the scope of financial data involved highlights the fact that prevention relies increasingly on coordinating cyber security and fraud monitoring systems to triangulate on the attack vector.

BAE Systems Applied Intelligence

This growing attack threat is now concerning ‘low volume, high value’ target organizations – for example in private and corporate banking and in the wealth management sector.

THE ATTACK COMPONENTSThe four most common components of these attacks are:

• Distributed Denial of Service (DDoS) smokescreens: Financial institutions are regularly the victims of co-ordinated denial of service attacks that often seem designed simply to disrupt the use of online banking assets. An increasing number of these denial of service attacks are designed to act as a digital smokescreen for a wider large scale online banking attack.

• Transactional based network penetration: One of the emerging cyber enabled fraud attacks occurs when the financial institution systems are penetrated to initiate or facilitate transactions from within the financial institution itself. This has occurred with both banks and payment processors.

• Data theft based network penetration: Although not new, criminals continue to work to penetrate processor and other financial institution systems to steal customer data – account numbers, card numbers and other personal identity information.

• Conventional remote banking fraud: What is novel about the recent wave of attacks is the combination of some or all of the attacks outlined above with conventional online, mobile, phone payment and card attacks.

So how can financial institutions respond to this increasingly prevalent attack vector?

TAKING CONTROLThere are a number of ways for how financial institutions and other organizations can respond effectively:

1. Investigate and assess the extent to which your organization is being targeted by this new attack vector. Understand your vulnerabilities and the tools and processes you have in place to mitigate these risks.

2. Fraud surveillance solutions by themselves are not capable of defending effectively against this new cyber enabled financial crime. You should aim to ensure you have dynamic analytical defences that protect the organization from both fraud and cyber crime, even if these defences are not co-ordinated.

3. As the techniques used by fraudsters to carry out sophisticated attacks converge and become industrialized, organizations should consider how they can create a unified defence against all external attacks to their valued data.

4. Longer term an industry or group of leading organizations across different related industries could join together to work collaboratively to identify, analyze and protect against the most advanced forms of fraud that involve cyber-attack vectors.

FCN

BAE

N_I

NTE

1213

_fat

ca_V

1

ABOUT USWe deliver solutions which help our clients to protect and enhance their critical assets in the intelligence age. Our intelligent protection solutions combine large-scale data exploitation, ‘intelligence-grade’ security and complex services and solutions integration.

We operate in four key domains of expertise: cyber security, financial crime, communications intelligence and digital transformation.

Leading enterprises and government departments use our solutions to protect and enhance their physical infrastructure, mission-critical systems, valuable intellectual property, corporate information, reputation and customer relationships, competitive advantage and financial success.

We are part of BAE Systems, a global defence, aerospace and security company with approximately 90,000 employees. BAE Systems delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services.

For more information contact:

BAE Systems Applied Intelligence 265 Franklin Street Boston MA 02110 USA

T: +1 (617) 737 4170 E: marketingai@baesystems.com W: www.baesystems.com/ai

Copyright © BAE Systems plc 2013. All rights reserved.

BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc. BAE Systems Applied Intelligence Limited registered in England & Wales (No.1337451) with its registered office at Surrey Research Park, Guildford, England, GU2 7YP. No part of this document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of BAE Systems Applied Intelligence.