Banks Warn of Rise in Ransomware Attacks
Banks must improve resilience of remote-working staff, says Wells Fargo financial crime expert
Cyber threats from ransomware and other types of attack have risen since the onset of the coronavirus pandemic as criminals look to exploit gaps in defences magnified by remote working, banks say.
“The pandemic has caused an epidemic of financial crime around the world. Over the past few months, ransomware has really taken off,” said Lester Joseph, manager of the global financial crimes intelligence group at Wells Fargo.
With a majority of bank employees working from home, experts say the number of entry points for hackers has increased. Staff are also having to adjust to unfamiliar systems and processes, leaving them vulnerable to cyber attacks such as phishing.
Joseph warned of the growing need to educate staff on the dangers of unsolicited or fake emails that could introduce ransomware to company systems.
“Criminals have quickly taken advantage of the situation—in some cases, tailoring old schemes to Covid,” said Joseph. He was speaking during a panel debate on financial crime at OpRisk Europe on October 8.
The Financial Crimes Enforcement Network, a unit of the US Treasury, has issued an advisory note on ransomware, detailing how attacks are perpetrated and how banks can identify suspicious activity, including the laundering of payments by victims in virtual currencies.
The note includes warning signs for banks to look out for, such as a sharp increase in the use of virtual currencies by cyber insurance companies, which could indicate that a business covered by cyber insurance has been targeted by ransomware.
Any rise in the flow of criminal money through the financial system could leave banks at greater risk of breaching anti-money laundering rules. Financial institutions globally have faced fines totaling nearly $1 billion for anti-money laundering failures in 2020, according to operational risk data provider ORX News.
The increase in coronavirus-related attacks has placed banks on the defensive, as AI-based systems used for detecting fraud have been churning out large numbers of false positives, owing to changes in customer behavior. With cash-only businesses that have been traditional conduits for illicit cash being shut down, criminals are seeking new avenues through which to funnel funds.
“The situation has changed since March, and criminals appear to be a step ahead,” said Igor Sumkovski, a senior financial crime manager at Santander, during the financial crime panel discussion.
“The compliance function, in my view, needs to try [its] best to be a step ahead. Technology plays a big part in tackling financial crime. In the UK, we are seeing increased cyber crime-related cases.”
Panel speakers also highlighted coronavirus-related financial assistance packages as a fertile area for fraudsters. In September, JP Morgan fired a number of employees who were found to have abused the US emergency loan program, the Financial Times reported. And Brazil’s Caixa Bank was forced to block thousands of accounts in July, after hackers attempted to steal coronavirus relief payments.
With the pandemic continuing, cyber risk looks set to remain high. An August report by Interpol shows an “alarming” rise in cyber attacks during the pandemic, including phishing emails, malware and data compromise. Experts warn that risk managers and security professionals must remain alert for future threats, in addition to firefighting today’s attacks.
“We’re too focused on things that have happened as opposed to educating people to identify the next attack,” said Evan Sekeris, head of model validation at PNC Financial Services Group, during another panel debate, on cyber risk, at OpRisk Europe on October 6.
Banks have been working to develop a common understanding of the drivers behind cyber risk through efforts such as that sponsored by the American Bankers Association, in which banks are creating scenarios for stress-testing and resilience purposes. The Federal Reserve Bank of Richmond last year launched an initiative aimed at creating a shared language for recording cyber losses and incidents.
Scenarios had been the central feature of capital planning under the Basel Committee on Banking Supervision’s advanced measurement approach for operational risk. The advanced approach is being phased out in favour of a standardized approach that calibrates risk capital to a bank’s size and historical losses. Scenarios have become a linchpin of cyber resilience, helping firms devise planning exercises to prepare for unforeseen events.
Sekeris said: “Scenarios bring value from an understanding of the drivers of the risk. The adverse event might be different from the one you had created the scenario for, but going through the scenario forces you to think of systems and controls in the case of a severe event.”
Copyright Infopro Digital Limited. All rights reserved.