February 10, 2016 By admin Leave a Comment

The FBI on Cyber Crime

We are building our lives around our wired and wireless networks. The question is, are we ready to work together to defend them?

The FBI certainly is. We lead the national effort to investigate high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud. To stay in front of current and emerging trends, we gather and share information and intelligence with public and private sector partners worldwide.

Key Priorities
– Computer and Network Intrusions
– Identity Theft
– Fraud: Internet Crime Complaint Center

Initiatives & Partnerships
– National Cyber Investigative Joint Task Force
– Cyber Task Forces
– iGuardian
– InfraGard: Protecting Infrastructure
– National Cyber-Forensics & Training Alliance
– Cyber Action Team

Cases & Takedowns
– Operation Ghost Click
– Coreflood Botnet
– 2,100 ATMs Hit at Once
– Operation Phish Fry
– Dark Market
– More

Wanted by the FBI
– Cyber’s Most Wanted

Cyber Threats & Scams
– Internet Crime Reports
– National Cyber Awareness System
– Threat Overview: Testimony
– E-Scams & Warnings
– Common Internet Frauds
– Peer-to-Peer Networks
– Ransomware

Protections
– Report a Cyber Incident
– Law Enforcement Cyber Incident Reporting (PDF)
– Get Educated on Internet Fraud
– How to Protect Your Computer
– Parent’s Guide to Internet Safety

More Resources
– DOJ Computer Crime & Intellectual Property Section
– National Strategy to Secure Cyberspace
– Secret Service Electronic Crimes Task Forces
– Stop.Think.Connect. Campaign

Source: U.S. Department of Transportation, “Cyber Crime” https://www.fbi.gov/ website. Accessed February 10, 2016. https://www.fbi.gov/about-us/investigate/cyber

© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

February 10, 2016 By admin Leave a Comment

Combating Cyber Crime

Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud, and abuse. As Americans become more reliant on modern technology, we also become more vulnerable to cyberattacks such as corporate security breaches, spear phishing, and social media fraud. Complementary cybersecurity and law enforcement capabilities are critical to safeguarding and securing cyberspace. Law enforcement performs an essential role in achieving our nation’s cybersecurity objectives by investigating a wide range of cyber crimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. The Department of Homeland Security (DHS) works with other federal agencies to conduct high-impact criminal investigations to disrupt and defeat cyber criminals, prioritize the recruitment and training of technical experts, develop standardized methods, and broadly share cyber response best practices and tools. Criminal investigators and network security experts with deep understanding of the technologies malicious actors are using and the specific vulnerabilities they are targeting work to effectively respond to and investigate cyber incidents.

DHS components such as the U.S. Secret Service and U.S. Immigration and Customs Enforcement (ICE) have special divisions dedicated to combating cyber crime.

U.S. Secret Service

The U.S. Secret Service maintains Electronic Crimes Task Forces, which focus on identifying and locating international cyber criminals connected to cyber intrusions, bank fraud, data breaches, and other computer-related crimes. The Secret Service’s Cyber Intelligence Section has directly contributed to the arrest of transnational cyber criminals responsible for the theft of hundreds of millions of credit card numbers and the loss of approximately $600 million to financial and retail institutions. The Secret Service also runs the National Computer Forensic Institute, which provides law enforcement officers, prosecutors, and judges with cyber training and information to combat cyber crime.

U.S. Immigration and Customs Enforcement (ICE)

The U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) Cyber Crimes Center (C3) delivers computer-based technical services to support domestic and international investigations into cross-border crime. C3 is made up of the Cyber Crimes Unit, the Child Exploitation Investigations Unit, and the Computer Forensics Unit. This state-of-the-art center offers cyber crime support and training to federal, state, local, and international law enforcement agencies. C3 also operates a fully equipped computer forensics laboratory, which specializes in digital evidence recovery, and offers training in computer investigative and forensic skills.

Law Enforcement Cyber Incident Reporting

The Law Enforcement Cyber Incident Reporting resource provides information for state, local, tribal, and territorial (SLTT) law enforcement on when, what and how to report a cyber incident to a federal entity. The document also provides information on federally sponsored training opportunities and other useful resources available to SLTT law enforcement.

Source: U.S. Department of Transportation, “Combating Cyber Crime” http://www.dhs.gov/ website. Accessed February 10, 2016. http://www.dhs.gov/cybersecurity-insurance

February 10, 2016 By admin Leave a Comment

Cyber Risk Management & Cybersecurity Insurance

Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.

Cyber Risk Management and Cybersecurity Insurance

Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand alone” line of coverage. That coverage provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Few cybersecurity insurance policies, however, provide businesses with coverage for an area of growing private and public concern: the physical damage and bodily harm that could result from a successful cyber attack against critical infrastructure.

Since 2012, NPPD has engaged academia, infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber risk area. More broadly, NPPD has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. NPPD is currently facilitating dialogue with CISOs, Chief Security Officers (CSOs), and insurers about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.

DHS Cybersecurity Insurance Working Sessions

From 2012 through 2014, DHS hosted four separate working sessions where cybersecurity professionals examined the existing cybersecurity insurance marketplace, described obstacles to expanding and improving it, and identified three key ideas for overcoming the most pervasive of those obstacles:

Cyber incident information sharing. An anonymized cyber incident data repository could foster the voluntary sharing of data about breaches, business interruption events, and industrial control system attacks needed for enhanced risk mitigation and risk transfer (insurance) approaches.
Cyber incident consequence analytics. The development of new cyber risk scenarios, models, and simulations – based on repository data – could help promote understanding about how a cyber attack might cascade across infrastructure sectors and where opportunities for risk mitigations might exist.
Enterprise Risk Management (ERM). An accepted approach for fusing cyber risk into traditional ERM programs could help organizations of all sizes better prioritize and manage their top business risks.

Additional information about the working sessions, including Readout Reports summarizing session discussions and findings, can be found on the Insurance Industry Readout Reports webpage.

Benefits of a Cyber Incident Data Repository

Cybersecurity Graphic

Following the working sessions and based on the recommendations of the participants, NPPD continues to explore the benefits and feasibility of a cyber incident data repository that creates a trusted environment for enterprise risk owners to anonymously share sensitive cyber incident data. Conceptually, that data, once aggregated and analyzed, will result in increased awareness about current cyber risk conditions and longer-term cyber risk trends. New analytics products, rooted in rich repository data, in turn will help inform more effective cyber risk management investments by both private and public sector organizations as well as better cybersecurity insurance products. As the culmination of this conceptual effort, NPPD will aim to find answers to three key questions:

Do existing repositories meet the cyber incident data needs of cybersecurity stakeholder groups?
Are owners and operators of existing repositories open to leveraging external cyber incident data and analysis knowledge and incorporating it into their existing structures?
If not, should a new cyber incident data repository be developed?

Cyber Incident Data and Analysis Working Group

As a follow-on to the working sessions, NPPD established a Cyber Incident Data and Analysis Working Group (CIDAWG), comprised of CISOs and CSOs from various critical infrastructure sectors, insurers, and other cybersecurity professionals, to deliberate and develop key findings and conclusions about:

The value proposition of a cyber incident data repository;
The cyber incident data points that should be shared into a repository to support needed analysis;
Methods to incentivize such sharing on a voluntary basis; and
A potential repository’s structure and functions.

The Value Proposition. Details how a cyber incident data repository could help advance the cause of cyber risk management and, with the right repository data, the kinds of analysis that would be useful to CISOs, CSOs, insurers, and other cybersecurity professionals.
Cyber Incident Data Points and Repository-Supported Analysis. Addresses the kinds of prioritized data points that should be shared among repository users to promote new kinds of needed cyber risk analysis.
Overcoming Perceived Information Sharing Obstacles. Identifies potential roadblocks to voluntary sharing into a repository and potential approaches for addressing those roadblocks.
Repository Structure and Operations Requirements. Will detail the requirements that a future repository must address in order to successfully meet the multiple needs of likely users.

At the completion of the CIDAWG’s work, NPPD will seek opportunities to solicit input on and promote understanding of CIDAWG ideas and recommendations to support the cyber risk management needs of both the private and public sectors.

Source: U.S. Department of Transportation, “Cybersecurity Insurance” http://www.dhs.gov/ website. Accessed February 10, 2016. http://www.dhs.gov/topic/combating-cyber-crime

February 10, 2016 By admin Leave a Comment

IN: Cyber Risk Management & Cybersecurity Insurance

Dear Valued Customer,

Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud, and abuse. In this issue of the “———————-“ we’re including information and tips that can ensure you are protected in many ways.

We appreciate your continued business and look forward to serving you.

Kind regards,

February 10, 2016 By Insurance News Editor Leave a Comment

The FBI on Cyber Crime

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.

Key Priorities

Computer and Network Intrusions

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.

Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights…to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets…to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.

Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are the paramount priorities of our cyber program because of their potential relationship to national security.

Combating the threat. In recent years, we’ve built a whole new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. That includes:

A Cyber Division at FBI Headquarters “to address cyber crime in a coordinated and cohesive manner”;
Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with “agents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud”;
New Cyber Action Teams that “travel around the world on a moment’s notice to assist in computer intrusion cases” and that “gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;”
Our 93 Computer Crimes Task Forces nationwide that “combine state-of-the-art technology and the resources of our federal, state, and local counterparts”;
A growing partnership with other federal agencies, including the Department of Defense, the Department of Homeland Security, and others—which share similar concerns and resolve in combating cyber crime.

Ransomware

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items— including family photos, videos, and other data—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals aren’t using e-mails at all—they can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI doesn’t support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization that it will get its data back—there have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
The creation of a solid business continuity plan in the event of a ransomware attack.

Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):

Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
Disable macro scripts from office files transmitted over e-mail.
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Back up data regularly and verify the integrity of those backups regularly.
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Related Priorities

Going Dark

Law enforcement at all levels has the legal authority to intercept and access communications and information pursuant to court orders, but often lacks the technical ability to carry out those orders because of a fundamental shift in communications services and technologies. This scenario is often called “Going Dark” and can hinder access to valuable information that may help identity and save victims, reveal evidence to convict perpetrators, or exonerate the innocent.

Read more about the FBI’s response to the Going Dark problem.

Identity Theft

Identity theft—increasingly being facilitated by the Internet—occurs when someone unlawfully obtains another’s personal information and uses it to commit theft or fraud. The FBI uses both its cyber and criminal resources—along with its intelligence capabilities—to identify and stop crime groups in their early stages and to root out the many types of perpetrators, which span the Bureau’s investigative priorities.

More on the FBI’s efforts to combat identity theft.

Online Predators

The FBI’s online predators and child sexual exploitation investigations are managed under our Violent Crimes Against Children Program, Criminal Investigative Division. These investigations involve all areas of the Internet and online services, including social networking venues, websites that post child pornography, Internet news groups, Internet Relay Chat channels, online groups and organizations, peer-to-peer file-sharing programs, bulletin board systems, and other online forums.

Initiatives and Partnerships

The Internet Crime Complaint Center

The mission of the Internet Crime Complaint Center (IC3) is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated fraud schemes and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

Visit the IC3’s website for more information, including IC3 annual reports.

Cyber Action Team

It can be a company’s worst nightmare—the discovery that hackers have infiltrated their computer networks and made off with trade secrets, customers’ personal information, and other critical data. Today’s hackers have become so sophisticated that they can overcome even the best network security measures. When such intrusions happen—and unfortunately, they occur frequently—the FBI can respond with a range of investigative assets, including the little-known Cyber Action Team (CAT). This rapid deployment group of cyber experts can be on the scene just about anywhere in the world within 48 hours, providing investigative support and helping to answer critical questions that can quickly move a case forward.

Established by the FBI’s Cyber Division in 2006 to provide rapid incident response on major computer intrusions and cyber-related emergencies, the team has approximately 50 members located in field offices around the country. They are either special agents or computer scientists, and all possess advanced training in computer languages, forensic investigations, and malware analysis. And since the team’s inception, the Bureau has investigated hundreds of cyber crimes, and a number of those cases were deemed of such significance that the rapid response and specialized skills of the Cyber Action Team were required. Some of those cases affected U.S. interests abroad, and the team deployed overseas, working through our legal attaché offices and with our international partners.

Members of the team make an initial assessment, and then call in additional experts as needed. Using cutting-edge tools, the team look’s for a hacker’s signature. In the cyber world, such signatures are called TTPs—tools, techniques, and procedures. The TTPs usually point to a specific group or person. The hackers may represent a criminal enterprise looking for financial gain or state-sponsored entities seeking a strategic advantage over the U.S.

National Cyber Forensics & Training Alliance

Long before cyber crime was acknowledged to be a significant criminal and national security threat, the FBI supported the establishment of a forward-looking organization to proactively address the issue. Called the National Cyber-Forensics & Training Alliance (NCFTA), this organization—created in 1997 and based in Pittsburgh—has become an international model for bringing together law enforcement, private industry, and academia to build and share resources, strategic information, and threat intelligence to identify and stop emerging cyber threats and mitigate existing ones.

Since its establishment, the NCFTA has evolved to keep up with the ever-changing cyber crime landscape. Today, the organization deals with threats from transnational criminal groups including spam, botnets, stock manipulation schemes, intellectual property theft, pharmaceutical fraud, telecommunications scams, and other financial fraud schemes that result in billions of dollars in losses to companies and consumers.

The FBI Cyber Division’s Cyber Initiative and Resource Fusion Unit (CIRFU) works with the NCFTA, which draws its intelligence from the hundreds of private sector NCFTA members, NCFTA intelligence analysts, Carnegie Mellon University’s Computer Emergency Response Team (CERT), and the FBI’s Internet Crime Complaint Center. This extensive knowledge base has helped CIRFU play a key strategic role in some of the FBI’s most significant cyber cases in the past several years.

Violent Crimes Against Children/Online Predators

Even with its post-9/11 national security responsibilities, the FBI continues to play a key role in combating violent crime in big cities and local communities across the United States…

Because of the global reach of cyber crime, no single organization, agency, or country can defend against it. Vital partnerships like the NCFTA are key to protecting cyberspace and ensuring a safer cyber future for our citizens and countries around the world.

For more information visit the National Cyber-Forensics & Training Alliance website.

iGuardian

With cyber threats continuing to emerge at the forefront of the FBI’s criminal and national security challenges, engaging public-private partners in information exchange alongside law enforcement and intelligence communities…

National Cyber Investigative Joint Task Force

As a unique multi-agency cyber center, the National Cyber Investigative Joint Task Force (NCIJTF) has the primary responsibility…

Cyber Task Forces: Building Alliances to Improve the Nation’s Cybersecurity

Each Cyber Task Force synchronizes domestic cyber threat investigations in the local community through information sharing, incident response…

eGuardian

In 2007, eGuardian was developed to help meet the challenges of collecting and sharing terrorism-related activities amongst law enforcement agencies across various jurisdictions. The eGuardian system is a sensitive but…

Protections

How to Protect Your Computer

Below are some key steps to protecting your computer from intrusion:

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Safe Online Surfing

The FBI Safe Online Surfing (FBI-SOS) program is a nationwide initiative designed to educate children in grades 3 to 8 about the dangers they face on the Internet and to help prevent crimes against children.

It promotes cyber citizenship among students by engaging them in a fun, age-appropriate, competitive online program where they learn how to safely and responsibly use the Internet.

The program emphasizes the importance of cyber safety topics such as password security, smart surfing habits, and the safeguarding of personal information.

For more information, visit the Safe Online Surfing website.

External Links & Resources

Source: U.S. Department of Justice, “Cyber Crime” https://www.fbi.gov/ website. Accessed January 25, 2016. https://www.fbi.gov/about-us/investigate/cyber

© Copyright 2017. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.