Ransomware seems more prolific than ever. Why is that and do you think we’ll see that change at all in the near future?

Paul Prudhomme, Head of Threat Intelligence Advisory at Rapid7

 

Multiple factors have encouraged the proliferation of ransomware. One factor is the snowball effect, in which successful ransomware attacks fuel more ransomware attacks. Victims who pay ransoms encourage more attacks by demonstrating that ransomware is profitable. Paying ransoms further encourages more attacks by giving attackers more financial resources with which to fund more numerous or ambitious attacks.

The rise of the remote workforce has also created more opportunities for attackers to gain access to targets by targeting the home infrastructure and personal devices of remote employees and compromising remote access services (such as RDP and VPNs) and virtual communication platforms (such as Slack and Zoom). The initial access brokerage market, in which specialised vendors acquire and sell compromised network access to other criminals, has thrived as a result of this transformation. Ransomware attackers are key customers for this market and have thus been able to scale their operations along with it.

Another factor is the ability of ransomware attackers to develop new tactics in response to organisations’ defences in a cat-and-mouse game. For example, many organisations implemented more robust backup systems as a defence against ransomware, so as to relieve the pressure to pay ransoms by maintaining the ability to restore files without paying ransoms. Ransomware attackers adapted to this challenge by adding a second layer of extortion to their attacks, in the form of data disclosures. Threatening to disclose compromised data if a victim refuses to pay the ransom works around organisations’ backup defences, which are useless against the threat of data disclosure.

Russia, Ukraine, and other former Soviet republics have historically provided a safe haven for ransomware operators and many other criminals, as long as they restricted their attacks to targets beyond that region. The Russian invasion in Ukraine has already had a significant impact on ransomware operators in both countries, but the ultimate long-term implications are still to be determined as the war continues. Some implications thus far have included: the damaging leak of internal chat records from the Conti ransomware group, in response to its threat to retaliate for foreign cyberattacks on Russia; financial disruptions to Russian criminals due to the economic isolation of Russia; and disruptions of Internet service and other functional problems for ransomware operators in Ukraine due to war damage.

 

Can you explain what ‘double extortion’ is and why it has become a popular technique for ransomware gangs?

“Double extortion” refers to the addition of a second layer of data disclosure threats to ransomware attacks, beyond the historic focus on encrypting files and holding them for ransom. A “double extortion” attack involves threatening to disclose compromised data from the network of a ransomware victim if the victim refuses to pay an additional ransom line item for that.

The threat aims to put more pressure on victims to pay more by subjecting them to the risk of additional harm to their business through exposure to fraud or further compromises, legal or regulatory liabilities, damaged reputations, the exposure of intellectual property or other trade secrets. It also aims to maximise profit from ransomware attacks by further monetising an attacker’s access. This tactic emerged in response to organisations’ implementation of more robust backup procedures, which are effective against the file encryption layer of ransomware attacks but useless against the threat of data disclosure.

 

From the research, customer and patient information was the most frequently leaked data in the financial industry. Was this different when compared to other sectors and, if so, why is this the case?

Our research found that customer/patient data was the second-most popular category of files for ransomware attackers to include in data disclosures across all industries, but it was the most popular category for victims in the financial services industry by a very wide margin. Leaking customer/patient data is a popular tactic for use against customers/patients in all industries because it erodes consumer/patient confidence in them and can thus be an effective way for ransomware attackers to hit victims where it hurts – that is why we chose the phrase “pain points” in the research report title.

We believe that this point is even more valid for the financial services industry because they depend even more heavily than other industries on customers’ confidence in their ability to protect their money and their personal information. Ransomware attackers would thus be more likely to leak customer data from a financial services victim because it would put more pressure on the victim to pay.

 

What can financial organisations do to protect themselves against double extortion attacks and ransomware more broadly? 

One of the goals of this report was to enable organisations to identify those “pain points” that ransomware attackers are most likely to target in the data disclosure layer of a ransomware attack. These insights, such as the above-mentioned emphasis on customer data in the financial services industry, can help financial institutions and other organisations identify those assets that ransomware attackers are most likely to target. Organisations can provide those most frequently targeted assets with additional layers of defence.

One additional layer of defence is network segmentation, with the goal of preventing attackers from ever accessing that data in the first place, even if they do gain access to other parts of the network. Another layer of defence is file encryption, so that the files would be useless for the purpose of data disclosure, even if attackers do gain access to them.

Financial institutions can defend themselves against ransomware much like organisations in any other industry. Anti-phishing education can make employees less likely to click on the malicious email attachments and links that often initiate attacks. Spam traps can prevent many malicious messages from ever reaching employees in the first place.

Securing remote access services, such as RDP and VPNs, is a critical defence against ransomware attackers and the initial access brokers that provide many of them with access to compromised networks. RDP services are popular targets for brute force attacks, and should be disabled if not in use. If RDP is in use, the organisation should implement rate limiting and require two-factor authentication, preferably via mobile app rather than SMS. VPN software should receive regular updates to patch it for newly discovered vulnerabilities that attackers can and often do exploit. Accounts on remote communication platforms should have two-factor authentication to prevent attackers from compromising them and using them to expand their access by impersonating legitimate users.

 

Are there any other cyber threats targeting the finance sector that should be top of mind for businesses? 

One of the most severe threats to financial institutions is the risk of large-scale fraud via compromised access to interbank payment systems such as SWIFT. Such attacks in the past have been attributed to state-sponsored North Korean actors, as well as some of the more sophisticated Russian-speaking criminals. Such attacks are less common than other threats but can have more severe consequences when they do happen.

Q&A: Improving biometric systems using AI-based spoofing

By Abdarahmane Wone, Software Engineer at Fime

As adoption of biometric authentication increases, so does the need to ensure that biometric systems are resistant to attacks. Presentation attacks, such as spoofing, which aim to “spoof” a biometric verification or identification procedure, can compromise biometric authentication. Fime is exploring how to transform genuine biometric images into synthetic spoofs and evaluate the robustness of biometric systems in detecting presentation attacks.

Stéphanie Pietri (SP), Communications Director at Fime, speaks to Abdarahmane Wone (AW), Software Engineer, about Fime’s new research paper to discuss the potential impact that digitally synthesized fingerprint spoofs can have on anti-spoofing systems.

SP: What is an anti-spoof test?

AW: Presentation attacks, when an attacker attempts to trick a biometric system, are one of the key security challenges facing biometric systems. It is critical that the presentation attack detection (PAD) technology in a biometric system is thoroughly tested, as this is what ensures the security of the system. Presentation attack detection testing is usually done by creating presentation attack instruments (PAIs) and performing active spoof attempts to determine whether a biometric system will authenticate a credential that is not genuine. This requires significant skill and time investment from testing labs.

SP: What did Fime do?

AW: To learn more about biometric systems’ ability to resist presentation attacks, Fime conducted research to determine whether digitally synthesized images are as good as real spoofs. AI and deep learning were used to transform genuine fingerprint images into spoof images similar to the ones made from the spoof materials commonly used in anti-spoofing tests. We did this in order to simulate the standard testing process.

We used a multi-domain style transfer model taking data from LivDet, an international competition of presentation attack and fingerprint liveness detection. Data from five different materials were used: Ecoflex, gelatin, latex, modasil, and wood glue. The data set was composed of a training set and a testing set, each containing 2000 images (1000 genuine images and 200 of each spoof material for each set). We extracted and randomly cropped multiple 224×224 patches from each image and injected them into the system to see if they were detected as spoofs under the NIST Fingerprint Image Quality (NFIQ) algorithm.

By using this kind of method, the testing process is sped up and a larger number of spoof materials are covered than it would be possible to physically fabricate in a given time.

SP: What was the impact of the digitally synthesized spoofs on the system?

AW: To assess the validity of the digitally synthesized fingerprint spoofs, the NIST Fingerprint Image Quality (NFIQ) algorithm, which provides an overall score on a scale of 0 to 100, was used. This is based on the usability and features of an image. We used this algorithm to determine whether the quality of the presentation attack instruments was similar to that of the synthetic presentation attack images.

For each material, we found that there is a similarity between the distribution of the genuine images and synthetic images.

SP: What does this mean for the future of biometrics?

AW: Fime has developed a method that can be used to evaluate biometric systems’ ability to resist fingerprint spoofs. This can help vendors to develop their fingerprint recognition products, in particular training algorithms to resist presentation attacks. Payment schemes can also use the research to implement new testing methodologies for these products. These findings will ultimately help laboratories to make cost and time savings, helping secure products launch more efficiently.

Matt Cox, Managing Director and General Manager, EMEA, FICO, answers questions on fraud from Finance Derivative

What are the biggest fraud concerns for FICO’s customers?

Scams are definitely high on the list. There is a continued surge in Authorised Push Payment (APP) scams, advanced social engineering, and pandemic-related fraud.

The level of sophistication present in scams seems to grow at a daily rate and that is always one of our biggest concerns – staying ahead of the criminals. A coordinated approach to managing the authentication of customers will be a strong starting point for any organization, so that they can adapt and adjust as the market changes. To address current fraud concerns, banks need to take this into consideration. There are specific machine learning models designed to detect scam-related activity, and banks should explore those.

How have scams changed since the pandemic started?

Investment and crypto scams saw a big spike and there was a swift rise in vaccine-related scams with an emergence of a black market for the sale of fake vaccine passports. There is certainly a good level of public awareness of scams, but according to our consumer fraud survey, only 6% of customers said they were most concerned about being tricked into sending payments to a fraudster — as compared with 26% who were most concerned with having their stolen identity used to open an account, which is much less likely. This relaxed attitude, in combination with increasingly realistic and creative social engineering and impersonation schemes, is part of the reason why fraudsters continue to succeed in scamming customers.

Authorised push payment fraud is one of the biggest concerns in the digital payments industry. According to UK Finance, APP fraud has, for the first time, surpassed card fraud with £355 million in losses attributed to APP fraud in the first half of 2021.

What is the challenge for banks right now in dealing with APP scams?

APP scams present a unique challenge as they involve tricking the victim into sending money to the fraudster. Despite measures like Confirmation of Payee (CoP) being put in place to stop these fraudulent transactions, the victim will have the final say and can override warnings put in their way. A layered approach is needed to prevent it; multiple tiers of armor are always most effective.

Some improvements in payment technology are actually making it easier for criminals to commit APP fraud. As more consumers and businesses adopt simple ways to send money in real time, the pool of potential victims increases, a trend accelerated by the COVID crisis pushing more people to use online banking. Real-time payments also lower the risk for fraudsters: as money is transferred instantly, fraudsters can move payments through multiple accounts in a process of layering to launder the proceeds of the fraud and make tracing them more difficult.

Criminals are devious and clever, and victims cannot simply be written off as gullible exceptions. As real-time payment schemes can be used to transfer large sums of money, there is a need to employ layered fraud protection across all products and channels used to manage real-time payments.

Maintaining good customer experience by not impacting too many genuine transactions is a growing concern. As banks get better at detecting scams, there is still a very high false positive rate with many genuine customers needing to be disrupted in order to find a single fraud. This is where advanced analytics and particularly a consortium approach are critical aids.

What has your research told you about how different generations think about fraud and scams and the actions they take to avoid them?

We frequently survey consumers across the world to get a sense of their attitudes towards fraud and the security measures implemented to catch it. The results are always interesting and often flag the differences in how age groups approach financial security.

For example, in our most recent survey of 1,000 UK consumers, 55% said they would switch banks if theirs was reported to be involved in a money laundering scandal. The younger age groups would be most eager to swap their financial service provider after a money laundering scandal: 64% of 18 to 24 year-olds would switch, as would 68% of 25 to 34 year-olds.

Those in the Millennials generation – aged 25-34 – appear to be the least impressed with banks’ current approaches to fraud. When asked about account takeover, 19% thought banks were not fair with customers in terms of how they resolved this. And when considering cases of customers being tricked into sending money to fraudsters, 21% of them thought measures were not fair.

How much of an issue is social engineering?

Social engineering is a vital component of a fraudster’s playbook. It is not a new approach for them but is one that can cause devastating results. Fraudsters buy compromised data (credentials, ID documents, personally identifiable information or payment details) and ultimately, they use it to manipulate victims and commit fraud. Sometimes, fraudsters don’t have all of the pieces of the puzzle together, so they often further manipulate systems and customers in order to get the full suite of assets they need to steal.

The complexity of scams and social engineering means that financial institutions have to take a layered approach to prevention and detection. For example, checking device characteristics is useful, but when combined with Confirmation of Payee, transactions analytics, customer profiling and instant messaging services for verification, this is where the layers play extremely well together. When and how fraud prevention solutions are deployed must be balanced with other factors such as customer experience and operational costs. Being dynamic and flexible is key to both creating the necessary balance and evolving at least as fast as the fraudsters can.

Identity authentication isn’t as strong in a scam event as it is in other fraud types. Nearly all fraud events start with a data compromise and with scams it’s no exception. Identifying compromised and vulnerable customers is still very inconsistent across banks, so there is a big opportunity to be more proactive in stopping the scam before it is initiated.

Many banks have incorporated consumer protection into their marketing plans but I would like to see more do it across the industry.

What are the latest scams you are seeing emerging?

Before Open Banking, criminals applied for low-risk accounts using a fake identity in order to start building up their credit file. Over time, they would move into commerce and then onto higher-value targets, hitting them hard.

We believe this approach is finding its way into the Open Banking ecosystem as a faster route to higher-value credit. Having secured low-risk bank accounts and passed the Know Your Customer requirements, criminals are attempting to access new services through Open Banking third-party providers, who offer loan approvals and various other financial and investment services.

We’ve also seen a steady rise in fake videos and audio with targeted content that manipulates and gains access to personal and finance data. As the technology becomes more sophisticated, it’s becoming the new favorite tool in financial crime. For instance, a bank manager in the United Arab Emirates fell victim to a threat actor’s scam, when hackers used AI voice cloning to trick the bank manager into transferring $35 million.

We believe this will become a big challenge for banks in Europe and across the globe as they find themselves increasingly targeted in this way. As those deep fake technologies develop, we will see more innovation and use of a wider variety of biometric technology thrown into the mix.
