Extortionists and insiders operating as criminal "free agents" have emerged as the top two cybercrime threats to banking institutions, says financial fraud expert Avivah Litan, an analyst for the consultancy Gartner.
"Cyber-extortion is probably the hottest trend of 2015," she explains during this exclusive interview with Information Security Media Group.
A gang known as DD4BC, which stands for DDoS for Bitcoin, has been targeting leading banking institutions with ransom schemes that blend malware and distributed denial-of-service attacks, Litan says.
"They'll get malware on the network, extract information from files and then threaten to publish it," she says. "Then they wage a denial-of-service attack against the bank. So, this has been going on for a while, and banks are paying out."
Targeted institutions are paying $5 for every $100 worth of damage they could suffer if the extracted data were published, Litan says. "They feel it's better to pay out than suffer the damage," and - without naming names - she says many big-name institutions have been affected.
Catching these extortion rings has proved challenging, as it's far too easy for these groups to cover their tracks. And it's a trend few banking institutions want to talk about either, Litan says.
"There are some companies that have been paying out big extortions for a while now," she says. "It's a big problem. We saw something similar to this with the Ashley Madison hack."
The other leading cyberthreat is posed by rogue insiders who actually work for cybercrime rings as free agents, Litan says. These insiders have unique operational knowledge about the business or banking institution where they work and have found that they can profit from this knowledge via underground cybercrime forums.
"It's a thriving business on the Dark Web," she says.
During this first part of a two-part interview on top cybercrime threats to banking institutions, Litan also discusses:
- How banking institutions are enhancing user authentication with analytics and biometrics;
- The increasing role artificial intelligence plays in the security of commercial banking accounts;
- The practice of identity-proofing - verifying users, using images captured in real time of such identity documents as driver's licenses and passports - and how it could be used to help curb losses stemming from compromised business email accounts .
Litan, a vice president at Gartner Research, is a recognized authority on financial fraud. She has more than 30 years of experience in the IT industry. Her areas of expertise include financial fraud; authentication; access management; identity proofing; identity theft; fraud detection and prevention applications; and other areas of information security and risk. She also covers security issues related to payment systems and PCI compliance.