Connect with us


Ransomware seems more prolific than ever. Why is that and do you think we’ll see that change at all in the near future?



Paul Prudhomme, Head of Threat Intelligence Advisory at Rapid7


Multiple factors have encouraged the proliferation of ransomware. One factor is the snowball effect, in which successful ransomware attacks fuel more ransomware attacks. Victims who pay ransoms encourage more attacks by demonstrating that ransomware is profitable. Paying ransoms further encourages more attacks by giving attackers more financial resources with which to fund more numerous or ambitious attacks.

The rise of the remote workforce has also created more opportunities for attackers to gain access to targets by targeting the home infrastructure and personal devices of remote employees and compromising remote access services (such as RDP and VPNs) and virtual communication platforms (such as Slack and Zoom). The initial access brokerage market, in which specialised vendors acquire and sell compromised network access to other criminals, has thrived as a result of this transformation. Ransomware attackers are key customers for this market and have thus been able to scale their operations along with it.

Another factor is the ability of ransomware attackers to develop new tactics in response to organisations’ defences in a cat-and-mouse game. For example, many organisations implemented more robust backup systems as a defence against ransomware, so as to relieve the pressure to pay ransoms by maintaining the ability to restore files without paying ransoms. Ransomware attackers adapted to this challenge by adding a second layer of extortion to their attacks, in the form of data disclosures. Threatening to disclose compromised data if a victim refuses to pay the ransom works around organisations’ backup defences, which are useless against the threat of data disclosure.

Paul Prudhomme

Russia, Ukraine, and other former Soviet republics have historically provided a safe haven for ransomware operators and many other criminals, as long as they restricted their attacks to targets beyond that region. The Russian invasion in Ukraine has already had a significant impact on ransomware operators in both countries, but the ultimate long-term implications are still to be determined as the war continues. Some implications thus far have included: the damaging leak of internal chat records from the Conti ransomware group, in response to its threat to retaliate for foreign cyberattacks on Russia; financial disruptions to Russian criminals due to the economic isolation of Russia; and disruptions of Internet service and other functional problems for ransomware operators in Ukraine due to war damage.


Can you explain what ‘double extortion’ is and why has it become a popular technique for ransomware gangs? 

“Double extortion” refers to the addition of a second layer of data disclosure threats to ransomware attacks, beyond the historic focus on encrypting files and holding them for ransom. A “double extortion” attack involves threatening to disclose compromised data from the network of a ransomware victim if the victim refuses to pay an additional ransom line item for that.

The threat aims to put more pressure on victims to pay more by subjecting them to the risk of additional harm to their business through exposure to fraud or further compromises, legal or regulatory liabilities, damaged reputations, the exposure of intellectual property or other trade secrets. It also aims to maximise profit from ransomware attacks by further monetising an attacker’s access. This tactic emerged in response to organisations’ implementation of more robust backup procedures, which are effective against the file encryption layer of ransomware attacks but useless against the threat of data disclosure.


From the research, customer and patient information was the most frequently leaked data in the financial industry, was this different when compared to other sectors and, if so, why is this the case? 

Our research found that customer/patient data was the second-most popular category of files for ransomware attackers to include in data disclosures across all industries, but it was the most popular category for victims in the financial services industry by a very wide margin. Leaking customer/patient data is a popular tactic for use against customers/patients in all industries because it erodes consumer/patient confidence in them and can thus be an effective way for ransomware attackers to hit victims where it hurts – that is why we chose the phrase “pain points” in the research report title.

We believe that this point is even more valid for the financial services industry because they depend even more heavily than other industries on customers’ confidence in their ability to protect their money and their personal information. Ransomware attackers would thus be more likely to leak customer data from a financial services victim because it would put more pressure on the victim to pay.


What can financial organisations do to protect themselves against double extortion attacks and ransomware more broadly? 

One of the goals of this report was to enable organisations to identify those “pain points” that ransomware attackers are most likely to target in the data disclosure layer of a ransomware attack. These insights, such as the above-mentioned emphasis on customer data in the financial services industry, can help financial institutions and other organisations identify those assets that ransomware attackers are most likely to target. Organisations can provide those most frequently targeted assets with additional layers of defence.

One additional layer of defence is network segmentation, with the goal of preventing attackers from ever accessing that data in the first place, even if they do gain access to other parts of the network. Another layer of defence is file encryption, so that the files would be useless for the purpose of data disclosure, even if attackers do gain access to them.

Financial institutions can defend themselves against ransomware much like organisations in any other industry. Anti-phishing education can make employees less likely to click on the malicious email attachments and links that often initiate attacks. Spam traps can prevent many malicious messages from ever reaching employees in the first place.

Securing remote access services, such as RDP and VPNs, is a critical defence against ransomware attackers and the initial access brokers that provide many of them with access to compromised networks. RDP services are popular targets for brute force attacks, and should be disabled if not in use. If RDP is in use, the organisation should implement rate limiting and require two-factor authentication, preferably via mobile app rather than SMS. VPN software should receive regular updates to patch it for newly discovered vulnerabilities that attackers can and often do exploit. Accounts on remote communication platforms should have two-factor authentication to prevent attackers from compromising them and using them to expand their access by impersonating legitimate users.


Are there any other cyber threats targeting the finance sector that should be top of mind for businesses? 

One of the most severe threats to financial institutions is the risk of large-scale fraud via compromised access to interbank payment systems such as SWIFT.  Such attacks in the past have been attributed to state-sponsored North Korean actors, as well as some of the more sophisticated Russian-speaking criminals. Such attacks are less common than other threats but can have more severe consequences when they do happen.


Interview with Devin de Vries, founder and CEO at WhereIsMyTransport




  1. Where did the idea for WhereIsMyTransport come from?

At WhereIsMyTransport, we are working to ensure that better data and technology benefits people living and working in emerging markets, and creates opportunities from improved understanding. But the idea for WhereIsMyTransport came when I was a student. At the time, I was challenged to take on a real world problem using technology. I felt then, as I do now, that the strongest potential for growth and impact was in public transportation. Urban mobility is to people what blood flow is to our bodies, it’s vital. We want people to be able to use information that they can rely on to access the things that enrich their lives.

  1. Can you tell us about your role and responsibilities?

As the CEO and co-founder of WhereIsMyTransport, I am responsible for the company’s vision and strategy. Under my leadership WhereIsMyTransport has grown from a two-person team to a 130-person company with employees around the globe. As the person at the helm, I am also responsible for driving its vision of bringing the benefits of high-quality data and technological innovation to people living and working in emerging markets.

  1. What has been your highlight in your current role?

There have been a number of highlights over the years. Perhaps the biggest, however, comes from building and leading a globally remote team that is united by turning a vision into reality. We’re taking on what many people would perceive to be an impossible task of making the invisible, visible. Witnessing our determination as a business grow into global impact – a data offering across 50 cities and counting, numerous client successes, and a consumer product helping communities of public transport users has been incredibly fulfilling.

  1. What is your leadership style?

As the company has evolved, so has my leadership style. In the early days, I was hands-on and very involved in every project. I believe I’m someone who believes in people’s potential, so as the company’s grown, I’ve learned to let go more and more and trust the incredibly talented team we’ve built up over the years. One thing that hasn’t changed about my leadership style is the infectious enthusiasm I’ve tried to impart. This is especially true when it comes to the Majority World’s potential to hold the world’s next great creative solutions.

  1. What makes a hyperlocal market understanding an enabler for global growth, and what have you implemented in the company to make this happen?

At WhereIsMyTransport, our expertise in producing accurate mobility and location data, on the ground in markets that remain unfamiliar to many, means our clients can establish new opportunities, and generate actionable insights, in high-growth regions. To better understand the impact that a hyperlocal market understanding can have, it’s worth looking at the benefits it can have for individual businesses. Retailers, for example, can use reliable mobility and location data to ensure that their delivery drivers always use the most efficient routes, as well as planning store locations so that they’re always as close as possible to where their future customers go. With that kind of information, they can focus on growth immediately and avoid expensive mistakes held back by lack of data. The same is true for companies of all sizes in all verticals as well as governments and municipal organisations.

  1. What is the role of location data for understanding emerging markets and how has your team ensured it is possible?

At WhereIsMyTransport, we’ve built our name on producing reliable public transport network data from every mode, however it operates. But more recently we’ve expanded our offering to include location data, so points of interest like retailers, food sellers, and the indoor mapping of pathways and levels at public transport exchanges that are so critical for connections and the first and last mile. Location data like this is critical for improving understanding. Emerging markets are expected to experience greater economic growth than developed markets between now and 2030, but we also know that the informal economy is sizable in these markets. 90% of WhereIsMyTransport’s POIs aren’t available from other location data providers, meaning it’s possible for clients to leverage this unmatched insight into the truth of these high-growth markets. How do we do it? Our approach combines cutting-edge tech with localised processes. We hire teams of local people to map and collate data like bus stops, shops, wifi points, and so on. Our team is trained in their roles and the technologies we use before beginning work in the field. And we remain active after our initial data collection, updating data sets to ensure our offering reflects the ground truth.

  1. In terms of the company, what are some of the global mobility and urban development megatrends and how might they happen in emerging markets?

As a company, the global mobility megatrends we’re most excited about are all underpinned by what we call “infostructure”. This can be understood as the layer of information that forms the foundation for a well-functioning, modern city. Commuters and businesses in many European, North American, and some Asian cities take this for granted, benefiting from easy access to reliable data. The decentralised nature of public transport in emerging-market cities, however, means the infostructure opportunity has not been well harnessed to date. But the increasing ubiquity of smartphones in these markets means that it’s becoming possible to build this layer in a way that works for them. There is new potential to reach people in innovative ways and, more immediately, for our own data production methods which are partly undertaken using our purpose-built mobile phone application.

Continue Reading


Overcoming the threat of voice fraud in the financial industry





The level of fraud hitting the financial industry is a serious crisis. According to UK Finance, in the first half of 2021 more than £750m of bank customers’ funds were lost to fraud, an increase of more than 20% over the same period in 2020.

We spoke to Nikolay Gaubitch, Director of Research EMEA at Pindrop, about possible causes for the increasing volume of fraud – and what can be done about it.


Q1: Reported banking fraud skyrocketed in 2021. What is causing this alarming trend?

There are a few different trends at play here. First of all, fraudsters are increasingly able to pass security measures and access accounts thanks to the huge volume of personal records being stolen on a daily basis. More than five billion individual personal records are believed to have been breached in 2021 alone.

With that much data floating around, it’s never been easier for fraudsters to acquire login credentials and other personal information to bypass security measures. Financial account information is sold as a commodity on the dark web – for example, Pindrop’s recent Voice Intelligence and Security Report discovered that complete sets of financial data can easily be bought for less than £50.

In addition, criminal gangs have become more organised and more adept at targeting less secure areas of the financial ecosystem to overcome or bypass strict security measures. In particular, the voice channels relied upon by financial organisations for customer service can be highly vulnerable to fraudsters seeking to access customer accounts.


Q2: Why are fraudsters targeting the voice channel?

The voice channel is seen by fraudsters as a more accessible alternative to online platforms that have been bolstered by stronger security measures. Telephony can be exploited to provide direct access to customer accounts without the technical skills and resources required for breaching online platforms.

Caller verification is usually handled by knowledge-based authentication (KBA), a series of questions that usually involve a mixture of personal information and passwords or PIN codes. This process can be overcome by a combination of stolen information and a strong social engineering playbook, with criminals bluffing their way past any knowledge gaps. As stolen personal data has become more freely available on the dark web, KBAs have become less and less effective.

In fact, KBAs have become so ineffective that Pindrop research indicates fraudsters now have an easier time passing them than legitimate callers do. A Pindrop case study with a national contact centre found that 92 percent of fraudsters were able to pass KBAs, compared to just 46 percent of legitimate callers.

Fraudsters can also harvest or verify already stolen data by exploiting automated IVR systems or cross-referencing with other accounts.

As the financial industry offers the most direct access to a lucrative payday from fraudsters, the voice channels for banks and other financial firms are a primary target for these tactics. Our research showed that an estimated one in 1175 calls handled on behalf of banking and finance organisations was fraudulent in 2021.

Q3: Why has the voice channel been more difficult to secure than online platforms?

Securing the voice channel has historically been limited by technology due to the format and the real-time nature of the telephony channel. With limited technological options for securing and ensuring authentication in the past, fortunately solutions have now become available in the last few years.

A key consideration has been that it has been difficult to implement more effective measures without causing significant disruption for legitimate callers. For example, layers of verification such as multifactor authentication (MFA) that are common in online platforms would be too slow and unwieldy during a live call.


Q4: Why is the balance between authentication and accessibility so important?

Striking the right balance between effective authentication and a positive user experience is a challenge for most communication channels. However, it is particularly critical for voice.

The human aspect of voice is one of its strongest assets, providing customers with the chance to engage directly and in-depth with a trained support agent.

Financial firms risk backlash from their customers if they make voice access too difficult with strict authentication methods. Recent research by the Call Centre Management Association (CCMA) found that just over a quarter (27 percent) of all respondents had stopped doing business with at least one organisation because of authentication issues.


Q5: How can the voice channel be secured against fraud?

One of the most promising developments in securing the voice channel is the application of AI and machine learning technology. The technology can be used to rapidly detect fraudsters through

multiple data points such as their voice, device, and call metadata. This means imposters can be outed no matter how much stolen data they have, and regardless of how slick their social engineering skills are.

Crucially, this process should be entirely passive, taking place in the background with no additional burden or friction for legitimate callers. The real-time analytical power of AI and machine learning can also be applied to authentication to create a more efficient and seamless process.

Pindrop’s technology has delivered proven results for callers and call-handlers alike. In one example, the US-based United Community Bank (UCB) was able to handle 14 percent more calls thanks to the time saved in cutting down lengthy authentication processes. As a result of this efficiency, the average time spent on hold decreased by one minute and 11 seconds and the number of abandoned calls dropped by seven percent. Post-call satisfaction surveys saw a five percent increase in customer satisfaction.

In another example, the First National Bank of Omaha (FNBO) was able to improve account takeover (ATO) detection  by 59 percent. Total losses from ATO reportedly went down by 16 percent, and overall average loss decreased by 47 percent after implementing Pindrop technology.

Continue Reading



Business3 days ago

How can businesses boost employee experience for finance professionals?

By Martin Schirmer, President, Enterprise Service Management, IFS Over the course of the last year, The Great Resignation has seriously...

Business4 days ago

CBDCs: the key to transform cross-border payments

Dr. Ruth Wandhöfer, Board Director at   If you work in finance, you’ll have been hearing a lot about...

Business4 days ago

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas,...

Business4 days ago

Bolstering know your customer processes as regulation tightens

Nick Payne, banking services, customer advisory, SAS UK & Ireland, discusses how new technologies allow financial services companies to develop rigorous KYC...

Finance4 days ago

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies   In our data-driven world, the amount of data is growing...

Business4 days ago

Seven tips for financial services brands using mail

By Cameron Russell, Head of Marketing at Marketreach   Customer experience (CX) is a powerful differentiator for modern brands. If...

Top 104 days ago

Turn the data landfill into an insight goldmine

Andrew Watson, CTO, MHR Today, businesses have access to a wealth of data, with vast amounts of information created daily....

Business4 days ago

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies Financial Services organisations have long been a top target for cyber-attacks given both the...

Business6 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business6 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business6 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business7 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking1 week ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking1 week ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 102 weeks ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business2 weeks ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking2 weeks ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking2 weeks ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology2 weeks ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...