Thursday, June 18, 2020

House Finance subcommittee explores cybercriminals’ exploits in the time of COVID-19

By Brad Rosen, J.D.

The Subcommittee on National Security, International Development and Monetary Policy of the House Financial Services Committee recently held a virtual hearing titled Cybercriminals and Fraudsters: How Bad Actors Are Exploiting the Financial SystemDuring the COVID-19 Pandemic. The witnesses, all cybercrime experts in their own right, included Amanda Senn, chief deputy director, Alabama Securities Commission, and on behalf of the North American Securities Administrators Association (NASAA); Tom Kellermann, head of Cybersecurity Strategy, VMware; Kelvin Coleman, executive director of the National Cyber Security Alliance; and Jamil Jaffer, executive director of the National Security Institute. The hearing was overseen by Emanuel Cleaver (D-Mo) and was joined by Ranking Member French Hill (R-Ark).

Cyberattacks against financial institutions surge. A May 2020 survey of financial institutions found that cyberattacks against the sector surged 238 percent during the COVID-19 crisis, as set forth in the Committee’s hearing memo. Additionally, 80 percent of the surveyed banks reported a year-on-year increase in cyberattacks. Moreover, the number of cybersecurity complaints to the FBI’s Internet Crime Complaint Center in the last four months spiked from 1,000 daily before the pandemic 4,000 incidents in a day at times. The number of complaint reports received by the FBI in the first four months of 2020 approaches the total of those received for all of 2019. The volume of attacks, as reported by many of the largest financial institutions, moved across the globe towards the U.S. in line with the movement of the virus.

One important shift in attacks against financial institutions in the COVID-19 crisis has been a move from "heists" (when opportunistic criminals seek to steal data and money before exiting an environment) to ‘hostage situations’ (when cybercriminals aim to remain persistent on a financial institution’s network for the long term). Further, ransomware attacks against the financial sector have increased nine-fold since the start of the crisis.

Work-from-home creates a target rich environment for cyberfraudsters. Cyber vulnerabilities for financial institutions and other victims have been exacerbated by the unusually large numbers of employees in the U.S. working remotely, as noted in the committee’s memo. According to the National Cyber Security Alliance (NCSA), "basic security measures need to be taken to protect the individual and enterprise from cyber criminals who are taking advantage of lax telework security practices." Some of the methods used by cyber criminals to target victims involve traditional attack strategies, but some have been modified or combined to further exploit the unique challenges and anxieties posed by the COVID-19 pandemic. Some of the methods being employed are:
  • Malware—software intended to gain access or cause damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise;
  • Ransomware—software designed to deny access to a computer system or data until a ransom is paid;
  • Man-in-the-Middle Attacks—cyber eavesdropping on conversations between two parties and intercept data through a compromised but trusted system;
  • Phishing—the use of email or text messages designed to trick the victim into giving personal information that allows the criminal to steal passwords, account numbers, Social Security numbers, and access to email, bank, or other accounts;
  • Business Email Compromise—the use social engineering to craft email messages that appear to come from known sources making legitimate requests such as a money transfer or access to a computer network; and
  • Cyber-supported Fraud Schemes—scams such as benefits fraud, charities fraud, and crowdfunding scams, which leverage email and identification (ID) issues and often typical during disasters.
These cyber-related attacks on the U.S. financial system by bad actors, including nation states, state-sponsored or protected criminals, or transnational criminal organizations, have been on the upswing.

Fraudsters will use the COVID-19 crisis to fleece mom and pop investors. State and provincial securities regulators are standing on the front lines in the fight against the criminals and opportunists looking to abuse America’s investing public according to the testimony of Amanda Senn, appearing on behalf of NASAA. Senn noted that opportunistic fraudsters will use COVID-19, much like they have used other crises, in their attempts to victimize main street investors. To counter these efforts, NASAA has formed a COVID-19 Enforcement Task Force, consisting of state and provincial securities regulators, to identify and stop potential threats to investors that arise from the COVID-19 crisis. The initiative, which is led by NASAA, includes more than 100 investigators from the vast majority of its member jurisdictions. The task force is using online investigative techniques to identify websites and social media posts that may be offering or promoting fraudulent offerings, investment frauds, and unregistered regulated activities.

In response to a question from Financial Services Committee Chairman Maxine Waters (D-Calif), about the vulnerabilities of seniors and minority communities to financial scams, Senn noted that state regulators know their communities, and are well positioned to work in concert with private industry to further investor education and awareness.

The U.S. Secret Service should be moved back to Treasury. In his testimony, Tom Kellerman strongly advocated for pending legislation that would move the U.S. Secret Service (USSS) back to its original home at the Department of Treasury from the Department of Homeland Security, where it is currently situated. He noted that while the Secret Service is best known primarily for protection; it also performs financial, counterfeit currency, and cybercrime investigations. Cosponsors of the legislation Roger Williams (R-Texas) and Denny Heck (D-Ore) also voiced their vigorous support for the realignment of the USSS.

Jamil Jaffer echoed these sentiments about the Secret Service in his testimony as well. He also recommended that the committee consider the establishment of a unit within the Treasury Department that would have access to real-time threat intelligence from the national security community, including DHS, FBI, NSA, and U.S. Cyber Command, as well as directly from the financial services industry.

In his testimony, Kelvin Coleman also underscored the importance of establishing partnerships between the public and private sector players in an effort to build a more secure, connected world. He also urged that Congress consider making game changing investments in cybersecurity awareness and education, noting Congress can and should play an important role in making sure Americans understand the many dangers of inadequately securing their systems, devices, and information.