Cybercrime and Information Security for Financial Institutions. AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida

Transcription

1 Cybercrime and Information Security for Financial Institutions AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida

2 Defining Cybercrime Stealing and Monetizing Financial and Identity Data Sabotage/Extortion Economic Espionage Harassment

3 Financial Cybercrime Acquiring Information Accessing Accounts Cashing Out

4 How Is Data Compromised?

5 How Is Data Compromised? External Threats Malware Infections Harvesting account information or credentials E.g. Keylogger, Point-of-Sale RAM Scraper Finding system vulnerabilities Variety of delivery systems attachments Links to phishing site or infected site Other networked devices Physical access (e.g. ATMs, thumbdrives)

6 How Is Data Compromised? External Threats: Site Vulnerabilities

7 How Is Data Compromised? Phishing of Employees Designed to deliver malware or obtain credential information Phishing and Social Engineering attacks are increasingly sophisticated More personalized with legitimate-appearing graphics and language

8 How Is Data Compromised? Partners & Attached Systems Not just targeting financial institutions directly Sophisticated schemers research and target vendors, suppliers, and partners

9 How Is Data Compromised? Internal Threats Employees Financial Institutions Hospitals Government Contractors Call Centers Profit Motive Social Engineering

10 How Is Data Monetized? Account Takeovers Direct Log-in Authorized Users Spoofed Unauthorized Accounts Benefits Fraud IRS SSA Unemployment

11 How Is Data Monetized? Account Takeovers: Spoofed Requests funds transfer via compromised account Requests funds transfer via nearly-identical address Alternatively, contacts customers through compromised or spoofed account

12 How Is Data Monetized? Carding forums/online bazaars Means for data harvesting Malware Spam services Fruits of hacking Identity information Account information Means for cashing out Mule services

13 Protecting Your Network Employee awareness Two-factor authentication for log-ins Limiting network access Employees Contractors Internet of Things separating crucial data from other networks

14 Protecting Your Customers Two-factor authentication Particularly for large wires Fraud logic on address or contact changes Identifying patterns of benefits deposits

15 We Want You!

16 Considerations for Prosecution Availability/strength of evidence Preservation of network records Ability to identify perpetrators Venue Identifiable losses

17 What will happen if I call the Feds? Walk-away Policy Talk to us about what investigation and prosecution would involve Cannot promise immediate decision You can choose not to proceed We are sensitive to your concerns of negative publicity Can work with you to prevent or limit disclosure sensitive information If you prefer, we will try to keep you out of the news

18 What will happen if I call the Feds? We will want your system administrator to recover network logs for us Private forensic analysis can be helpful Will likely need a clean image for verification and discovery We will work with you and your system administrator to find out who attacked you May request a delay seeking on civil remedies

19 Effective Collaboration Timely reporting Evidence preservation Documentation of internal investigation Availability of witnesses Systems administrators working with investigators

20 Reporting Publicity Concerns Incident too small? Identifying the pattern Aggregated loss amounts -> more compelling case Prompt reporting helps preserve evidence both internally and externally

21 Questions? AUSA Jared M. Strauss FBI Miami Field Office (305) USSS Miami Electronic Crimes Task Force Internet Crime Complaint Center