Virtual Hearing - Cybercriminals and Fraudsters: How Bad Actors Are Exploiting ...(EventID=110795)

Video Description

Connect with the House Financial Services Committee Get the latest news: https://financialservices.house.gov/ Follow us on Facebook: https://www.facebook.com/FinancialDems/ Follow us on Twitter: https://twitter.com/FSCDems ________ On Tuesday, June 16, 2020, from 12:00 p.m. (ET) - - - - - - - - - - - - - - - - - - - Witnesses for this one-panel hearing will be: • Mr. Tom Kellermann, Head of Cybersecurity Strategy, VMware • Mr. Kelvin Coleman, Executive Director, National Cyber Security Alliance • Ms. Amanda W. Senn, Chief Deputy Director, Alabama Securities Commission; on behalf of the North American Securities Administrators Association (NASAA) • Mr. Jamil Jaffer, Founder & Executive Director, National Security Institute, Assistant Professor of Law & Director, National Security Law & Policy Program Overview According to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3), “the number of cybersecurity complaints to the IC3 in the last four months has spiked from 1,000 daily before the pandemic to as many as 4,000 incidents in a day.” These reports in the first four months of the COVID-19 pandemic are near the total reported amount of 2019 complaints. The financial services sector is also under increased duress due to COVID-19 related cyber-criminal activity. A May 2020 survey of financial institutions (FIs) found that 80% of surveyed banks report a year-on-year increase in cyberattacks against the sector surging 238% during the COVID-19 crisis (February-April 2020). The volume of attacks, as reported by many of the largest FIs, moved across the globe towards the U.S. in line with the movement of the virus and has continued to ebb and flow with the undulations of the COVID-19 news cycle. These cyber vulnerabilities are exacerbated by the unusually large numbers of employees in the United States working remotely. According to the National Cyber Security Alliance (NCSA), “basic security measures need to be taken to protect the individual and enterprise from cyber criminals who are taking advantage of lax telework security practices.” The technology to support remote work – such as Virtual Private Networks, DNS routers, cloud deployments, and videoconferencing platforms – has the potential to introduce new points of exploitable weakness for opportunistic cybercriminals. Strains on IT and cybersecurity staff as a result of illness or stay-at-home orders can result in slower updates to software and maintenance to systems. Further, poor home-based digital hygiene (e.g., weak passwords on personal computers, poorly secured home Wi-Fi routers, and family linking internet-connected devices) increases the possibility that an employee might unintentionally pass a computer virus to a company’s main system. Many persons in the United States have already been victims of cyber breaches, whether leaked directly or through other parties. As a result, their personally identifiable information (PII), such as social security numbers and dates of birth, is already available for purchase on the dark web. Criminals, often through shell companies, can use this PII to apply for state and federal benefits and to perpetrate other types of fraud. Synthetic identification, where the entire “person”... Methods Used by Cyber Criminals to Target Victims According to the Financial Crimes Enforcement Network (FinCEN), cyber criminals are utilizing traditional attack strategies, and modifying or increasing them to exploit the unique challenges and anxieties posed by the current COVID-19 pandemic. According to sources including a joint alert from the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre, a range and fusion of methods are being employed, such as: • Malware, software intended to gain access or cause damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise; • Ransomware, software designed to deny access to a computer system or data until a ransom is paid; • Man-in-the-Middle Attacks, “cyber eavesdropping on conversations between two parties and intercept data through a compromised but trusted system;” • Phishing, the use of email or text messages designed to trick the victim into giving personal information that allows the criminal to steal passwords, account numbers, Social Security numbers, and access to email, bank, or other accounts; • Business Email Compromise (BEC), the use social engineering to craft email messages that appear to come from known sources making legitimate requests such as a money transfer or access to a computer network; and • Cyber-supported Fraud Schemes, scams such as benefits fraud, charities fraud, and crowdfunding scams, which leverage email and identification (ID) issues and often typical during disasters... Hearing page: https://financialservices.house.gov/calendar/eventsingle.aspx?EventID=406613