CaaS has made the tools and infrastructure for cybercrime accessible to anyone
For criminals, CaaS offers access to all manner of digital resources needed to commit cybercrimes, such as malicious software (malware), botnets (networks of computers infected with malware), hacking specialists, databases of stolen personal information, penetration testing of potential targets, open-source research, and much more. (For more details on the CaaS offerings available on the dark web, check out our deep-dive on CaaS )
What level of damage are we talking about? Here is a recent example. In November 2016, the Avalanche network was taken down by a coalition of law enforcement agencies in 30 countries. Five individuals were arrested, two of whom are suspected of being the creators and administrators of the Avalanche CaaS offering. Cybercriminals using the services provided by Avalanche victimized over 500,000 people across 40 countries, and are estimated to have stolen hundreds of millions of dollars. While the takedown of Avalanche is a significant success, law enforcement officials acknowledge Avalanche is only one of an increasing number of groups providing CaaS services, and more must be done to effectively disrupt these types of activities.
Taking an integrated approach
The proliferation of cyber financial crime is not lost on regulators seeking to protect the financial systems. In October 2016, FinCEN (The Financial Crimes Enforcement Network) issued new guidance on how Bank Secrecy Act (BSA) regulations apply to cyber events, cyber-enabled crime, and cyber-related information.
Financial institutions are also facing expanded BSA reporting requirements under the recently enacted New York State Department of Financial Services (DFS) cybersecurity regulations, which came into effect March 1, 2017 and included an expanded definition of cyber events triggering BSA reporting.
Financial institutions should consider how the convergence of cyber security and financial crimes compliance impact its target operating models to ensure seamless coverage. At Standard Chartered we are taking an integrated approach.
We have created a dedicated group to focus on identifying, analysing, mitigating and reporting illicit proceeds from cyber financial crime
We have created a dedicated Cyber Financial Intelligence Group (CyFI) to focus on identifying, analysing, mitigating and reporting illicit proceeds from cyber financial crime.
CyFI produces intelligence through the fusion of financial data, cyber threat intelligence, web research, mining of restricted access sites, and much more. Working in collaboration with other internal teams, industry partners and law enforcement, CyFI plays a proactive role in identifying, mitigating and disrupting financial crime risks to the Bank from cyber-enabled and cyber-dependent crime.
Partnering with crime agencies
A real challenge to the proliferation of cybercrime can only be mounted by the industry as a whole working in collaboration with law enforcement stakeholders. We at Standard Chartered have therefore partnered with the National Crime Forensic Training Alliance (NCFTA), which is a non-profit organization facilitating close public-private partnership by bringing together industry partners, law enforcement, and academic institutions to combat cybercrime.
With an analyst now embedded in the New York office of the NCFTA, the Bank is collaborating in a joint environment with law enforcement and industry peers to disrupt cybercriminals and develop best practices. The Bank is also a member of the Financial Services – Information Sharing and Analysis Center (FS-ISAC), a cyber threat intelligence clearinghouse providing rapid dissemination of cyber threat intelligence and community analysis of cybercriminals. The Bank’s partnerships with these and other organizations is a critical step towards gaining a tactical and strategic advantage over cybercriminals.