EU Financial Fraud Battle Ramps UpBanks Collaborate with Europol; UK Previews Alert System
European financial services firms and law enforcement agencies have been stepping up their efforts to trade actionable intelligence to better defend against emerging malware attacks and cross-border fraud campaigns.
See Also: Stopping BEC and EAC
The European Banking Federation and Europol's European Cybercrime Center, or EC3, have signed a memorandum of understanding that officials say will enable much greater levels of cooperation between law enforcement agencies and the European financial services sector.
In the United Kingdom, meanwhile, the British Bankers' Association has announced plans to collaborate with 12 U.K. government and law enforcement agencies to create a new Financial Crime Alerts Service, or FCAS.
The European financial sector's need for more actionable threat intelligence was one of the most frequently discussed topics at a fraud summit hosted last month by Information Security Media Group in London.
Seeking Cross-Border Cooperation
Europol officials say the EBF and EC3 memorandum now paves the way for law enforcement agencies and financial services firms to trade expertise, as well as attack-related statistics and other "strategic information."
The new agreement is "more than a ceremonial gesture," says Troels Oerting, head of Europol's EC3. It's designed to help "prevent, prosecute and disrupt cybercrime against the financial sector," as well as to "make life more difficult for criminals, and life easier for the banking sector and all of us who use these important services."
Officials say Europol and the financial services sector have already been working together to battle card-payment fraud, including pursuing organized crime groups involved in skimming and forgery attacks or running money mule gangs.
"There always has been information sharing between financial companies and law enforcement, however this has often been at the local level - with local police forces - and in many cases would be ad-hoc in nature," says Dublin-based information security consultant Brian Honan, who's a cybercrime adviser to Europol's EC3.
But as Wim Mijs, chief executive of the European Banking Federation, notes: "International cooperation between banks and law enforcement bodies is essential because it is clear that criminals know no borders."
Sharing Better Intelligence
The new formal agreement, Honan says, will "enable Europol to gather and share intelligence information at a much more strategic level across all police forces. This will hopefully help identify cross-border and international criminal gangs, leading ultimately to their demise. Likewise for banks, they will get to see the type of attacks criminals are using in other countries and be able to prepare themselves to better defend against them."
Honan, who also heads Ireland's Computer Security Incident and Response Team, says the new agreements could lead to an increase in actionable information. "The issue many organizations have - not just banks - is not a lack of intel, but rather not enough actionable intel," he says. "Too much intel without any actionable data can prove to be as ineffective as no intel at all. Sharing data with government agencies, particularly those with international capabilities, can provide that actionable intel."
In fact, that's the impetus behind similar moves being made in the United States, where the Financial Services Information Sharing and Analysis Center, a cybersecurity information sharing group, and the Depository Trust and Clearing Corp. have teamed up to create an application designed to share threat information. The program will share threat-related information in a machine-readable format, which would theoretically allow banks to not only receive the alerts but configure their network defenses to automatically take action.
U.K. Preps Alert System
Also on the information-sharing front, the U.K.'s FCAS alert system is scheduled to go live in early 2015. It will draw on information from a variety of government and law enforcement agencies, including the National Crime Agency. It's being developed with U.K. defense contractor BAE Systems Applied Intelligence, and will include alerts related to online crime, terrorist financing, fraud, money laundering, as well as bribery and corruption investigations.
"I hope they first focus on getting real-time vulnerability alerts," says John Pescatore, SANS Institute director of research.
Unlike the FS-ISAC and DTCC program being launched in the United States, this program isn't aimed at trading details about online threats in a machine-readable format, but rather streamlining the release of various alerts that are already available. "It's aimed at people who will respond to these alerts," a British Bankers' Association spokeswoman tells Information Security Media Group.