Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Financial crime. Show all posts

Australia's New Cyber Law Combats Emerging Threats

 


A new Cyber Security Act has been passed into law by the Australian government, which we should consider a very important step in our mission to protect Australians from threats posed by cyberspace. Having adopted this package, Australia will gain a cohesive legislative toolbox allowing the country to move forward with clarity and confidence in an ever-evolving cyber landscape as the law develops. Specifically, the Cyber Security Act enacts seven initiatives, first described in the Cyber Security Strategy, that will strengthen cyber security. 

A ransomware attack, also known as a crypto locker, remains one of the most common forms of cyberattack, and they are particularly dangerous because they can have such powerful effects. By 2031, it is estimated that the total cost of ransomware damage will exceed $265 billion in the world. The level of vulnerability of an organization to these attacks can vary from the smallest to the largest.

As part of the attack on Indonesia, a hacking group infected critical systems at a national data centre in July, causing over 230 government agencies and services to be down for about a week. During the past week, after the passing of Australia's first-ever Cyber Security Act, various measures have been introduced into the nation's defences to improve their security. 

A key provision of this legislation is that organizations are required to inform the government if they pay ransomware criminals - a practice that has gained popularity across the globe increasingly in recent years. Cyber Security Act 2013 is implemented under the Australia 2023-2030 Cyber Security Strategy. According to the policy, Australia was aiming to reposition itself as a leader in cyber resilience through some steps in the law, including the creation of a National Cyber Security Coordinator to coordinate a cohesive national response to cyber incidents. 

Australia's Cyber Security Minister Tony Burke made a statement in a media release regarding the Act, saying that it was "the cornerstone of the mission to protect Australians from cyber threats" and that "it forms a cohesive legislative toolbox which will enable Australia in the face of a rapidly evolving cyber landscape to move forward with clarity and confidence." 

As a result, experts have strongly urged IT leaders to update their cyber security incident response plans to take into consideration the legislative changes. Should a cyber security attack or crisis occur, they will need to communicate with the government in new ways to make sense of the confusing situation. A major change that has a direct impact on Australian organizations is the introduction of a mandatory reporting requirement for ransomware payments, as well as a new voluntary reporting regime for cyber incidents, which is intended to become mandatory over time as a consequence of the upcoming changes. 

There will be an obligation for organizations of a certain size to report ransomware payments to the government. According to the local law firm Corrs Chambers Westgarth, although the size threshold hasn't been determined, it's expected the mandate will apply to businesses with a sales turnover of more than AUD 3 million when the mandate becomes effective. The Department of Home Affairs and the Australian Signals Directorate are obligated to receive a report stating that a ransomware payment was made within 72 hours of receiving it.

Corrs is telling The Australian Financial Review that if organizations fail to report these payments, they could face a civil penalty of AUD $93,900, which is currently the value that Corrs is claiming. The report notes that despite the new mandate, the government's policy remains the same that organizations should not pay ransoms to avoid being held hostage. As per the government's view, paying ransoms to cyber-crime gangs does not contribute to the functioning of their business model, but rather only helps them keep their operations viable - and it cannot be guaranteed that organizations will be able to get their data back or keep it private from other people. 

With the new Act, a new framework was enacted for the voluntary reporting of cyber incidents, which was an excellent development. When an organisation suffers a cyberattack, the measure aims to encourage more free information sharing during those times when there is a risk of harm to other parties in the public and private sectors as well as a wider community, in order to benefit both.

In addition to the NCSC overseeing the system, any organization doing business in Australia can report incidents to the organization with the understanding that they are protected somewhat by a "limited use" obligation, which limits what the NCSC can do with the information it receives. As an example, it is important to note that by reporting a significant cyber security incident, the NCSC will be able to utilize the information for a variety of purposes under the law, such as preventing or mitigating threats to critical infrastructure and national security, and supporting intelligence agencies or law enforcement agencies, according to Corrs. 

As a result of the new regulatory obligations, organizations will have to adjust their plans in order to ensure compliance with the regulations. To ensure that these changes will be incorporated into future cyber security tabletop exercises, the CISOs and security teams will be vital in adjusting plans to account for these changes. According to Corrs, the trigger for a company to report a ransomware payment to the authorities is the payment itself rather than the fact that they receive a demand for payment from the victim.

In addition, this will have an impact on both how organizations manage these cyber decisions and how they choose to communicate them to their stakeholders. Those organisations that are classified as critical infrastructure companies under Australian privacy laws and the SOCI Act may also be required to report on an overlapping basis and within different timelines. In addition to that, if they are listed on the Australian Stock Exchange, they will be required to make continuous disclosures.

The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It

 

Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this issue is. In 2022 alone, 80% of enterprises faced at least one payment fraud attempt, with 30% of affected businesses unable to recover their losses. These attacks can take various forms, from email interception to more advanced methods like deep fakes and impersonation scams. 

Cybercriminals exploit vulnerabilities, manipulating legitimate transactions to steal funds, often without immediate detection. Financial losses from payment fraud can be devastating, impacting a company’s ability to pay suppliers, employees, or even invest in growth opportunities. Investigating such incidents can be time-consuming and costly, further straining resources and leading to operational disruptions. Departments like finance, IT, and legal must shift focus to tackle the issue, slowing down core business activities. For example, time spent addressing fraud issues can cause delays in projects, damage employee morale, and disrupt customer services, affecting overall business performance. 

Beyond financial impact, payment fraud can severely damage a company’s reputation. Customers and partners may lose trust if they feel their financial information isn’t secure, leading to lost sales, canceled contracts, or difficulty attracting new clients. Even a single fraud incident can have long-lasting effects, making it difficult to regain public confidence. Businesses also face legal and regulatory consequences when payment fraud occurs, especially if they have not implemented adequate protective measures. Non-compliance with data protection regulations like the General Data Protection Regulation (GDPR) or penalties from the Federal Trade Commission (FTC) can lead to fines and legal actions, causing additional financial strain. Payment fraud not only disrupts daily operations but also poses a threat to a company’s future. 

End-to-end visibility across payment processes, AI-driven fraud detection systems, and regular security audits are essential to prevent attacks and build resilience. Companies that invest in these technologies and foster a culture of vigilance are more likely to avoid significant losses. Staff training on recognizing potential threats and improving security measures can help businesses stay one step ahead of cybercriminals. Mitigating payment fraud requires a proactive approach, ensuring businesses are prepared to respond effectively if an attack occurs. 

By investing in advanced fraud detection systems, conducting frequent audits, and adopting comprehensive security measures, organizations can minimize risks and safeguard their financial health. This preparation helps prevent financial loss, operational disruption, reputational damage, and legal consequences, thereby ensuring long-term resilience and sustainability in today’s increasingly digital economy.

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP

 

In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.

Public WiFi Convenience Leads to Cyber Threats, Read to Know Everything

 

Cybersecurity experts are issuing a stern warning to Scots regarding the potential dangers lurking within public WiFi networks. While the convenience of accessing the internet on the go, such as during train commutes, may seem appealing, experts emphasize the significant cybersecurity risks that accompany such practices. 

One of the primary concerns raised by cybersecurity professionals is the phenomenon known as "session hijacking." In this scenario, cybercriminals exploit vulnerabilities present in public WiFi networks to gain unauthorized access to users' devices while they are browsing online. 

Let’s Understand ‘Session Hijacking’ in Simple Words 

Session hijacking, a prevalent cybersecurity attack, occurs when an attacker gains control of an individual's internet session while they are engaged in activities such as checking their credit card balance, paying bills, or shopping online. 

Typically, session hijackers target browser or web application sessions to perpetrate their attacks. Once a session hijacking attack is successful, the attacker gains the ability to perform any action that the victim could undertake on the targeted website. Essentially, the hijacker deceives the website into believing that they are legitimate users, thereby granting them unauthorized access and control over the victim's session.  And it can lead to various cyber-crimes and financial scams. 

Do You Know What Risks Lurking in Public WiFi Networks? 

Vincent van Dijk MSc a cybersecurity expert, warns individuals about the lurking dangers within public WiFi networks, highlighting three prevalent cyber threats: 

1. Man-in-the-Middle attacks 
2.  Evil Twin attacks 
3. Malware Present in Networks 

In a Man-in-the-Middle attack, hackers infiltrate the public network, intercepting data as it travels from a connected device to the WiFi router. Vincent explains the severity of this threat, stating, "If you are engaged in online banking during such an attack, hackers can easily access your passwords and account information. Your credit card numbers, email addresses, and other personal details become vulnerable to theft." 

Evil Twin attacks present another insidious threat. When users search for a public WiFi hotspot, they may encounter a fraudulent network pretending as a legitimate one. These malicious networks often bear names strikingly similar to authentic ones, such as 'Free University Wi-Fi2' or 'Station Wi-Fi04.' Therefore, connecting to these clones exposes users to scammers, compromising their private data and leaving them susceptible to exploitation. 

Further, Vincent explains that when hackers successfully infect a network with malware, they gain the ability to distribute harmful software bugs to any device connected to it. As a cautionary measure, he advises users to exercise caution if they encounter unexpected pop-up notifications while connected to such networks. Clicking on these pop-ups could inadvertently lead to exposure to infected links, putting users' devices and sensitive information at risk. 

Following the concerns related to public WiFi, experts suggested public to use Virtual Private Networks (VPNs) and verify network authenticity while using Public Wifi. By doing so users can mitigate the risks associated with public WiFi usage, safeguarding their sensitive information from cybercriminals.

MarineMax's Cyber Resilience: Responding to SEC on Cyberattack Incident

 


MarineMax, a national retailer of boats and million-dollar yachts, reported on March 12 that a "cybersecurity incident" disrupted its operations, according to documents filed with the Securities and Exchange Commission (SEC). 

According to the company, unauthorized access to the information systems of the company was gained by a third party. However, the company has not indicated who the threat actor is, or what type of attack occurred, whether it was a ransomware attack or an incident of another nature. 

Many of MarineMax's internal systems were rendered unavailable as a result of the attack, which is believed to have started on Sunday, and caused significant delays in customer service, sales, and customer support for MarineMax customers across the country. 

There has also been a significant decline in MarineMax dealership sales and service as IT systems deal with the aftermath of the hurricane. In addition to financing approvals, inventory availability, and overall deal progression, many dealerships are reporting problems with the dealership's sales and service processes. 

As a result of the attack, MarineMax has not discontinued its operations, but cybersecurity experts were hired to assist in the investigation and law enforcement was also notified. People asked the company if it was dealing with a ransomware attack or another type of cyber incident, but they did not respond to my inquiry. 

As the filing indicates, the attack has not materially affected the company's operations. However, officials are still assessing whether it will at some point in the future based on their findings.  Although MarineMax has not responded to questions as to whether data was stolen, it doesn't maintain sensitive data in the environment impacted by the incident, which has mentioned in the filing that these are not stored there. 

During a recent cyber attack, MarineMax was subjected to an incident that was deemed a 'cybersecurity incident', as defined in rules provided by the Securities and Exchange Commission. The incident involved the compromise of portions of the company's information environment by an unauthorized party, as detailed in the filing by MarineMax. 

The Securities and Exchange Commission recently amended its incident-disclosure rules to require a Form 8-K to be filed within 24 hours of the organization determining a cyber-incident to be material. This means that it has a significant impact on operational performance and could have a potential impact on investors' investments.

Last year, several industry giants faced a cyberattack, including Brunswick Corporation, which manufactures boats and parts for ships, a company that has been in the boating industry since the late 1800s. 

An incident that affected the production of marine electronics at a subsidiary of the company in June, that cost the company more than $85 million, was reported by the company.  A German manufacturer of luxury yachts and military vessels also came under attack by ransomware over the Easter weekend in 2023, which occurred over the Easter holiday.

Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organizations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures address the increasing challenges of identity theft.


Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as sim-swapping, resulting in the depletion of her bank account. Sim-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious,  according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

Sim-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied with the lack of apprehension of the perpetrators, expressing a desire for justice.

Acknowledging the increasing prevalence of sim-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that sim-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of sim-swapping attacks.

Thane: Massive 16,180 Crore Bank Hacking Fraud Uncovered, National Probe Underway

 

An FIR has been filed by Thane Police against a group of individuals, among them an ex-banker, who is accused of hacking into the account of a supplier of payment gateway services and withdrawing money of Rs 16,180 crore. The heist was carried out over time using several different bank accounts. 

On Sunday, a police spokesperson from Thane stated that the fraud had been continuing for a while. However, it was discovered following the filing of a complaint regarding the hacking of the company's account and the theft of Rs25 crore. According to a Mint report, no arrests have been made as of yet in the Rs 16,180 crore robbery case. 

But when the police started investigating into the complaint, a major theft worth 16,180 crore rupees was discovered. Under Indian Penal Code sections 420 (cheating), 409 (criminal breach of trust), 467, 468 (forgery), 120B (criminal conspiracy), and 34 (common intention), an FIR has been filed against Sanjay Singh, Amol Andale @ Aman, Kedar @ Sameer Dighe, Jitendra Pandey, and another unidentified person. 

The suspected wrongdoers are charged with illegally forming unregistered partnership firms using fake documents in order to deceive the government. As many as 260 bank accounts have been found to be linked to these duplicitously formed partnership firms, enabling transactions totalling the enormous sum indicated.

A few months ago, an unknown person successfully breached the software of Safex Payout and carried out a Rs 25 crore fraud, which served as the initial impetus for this investigation. The legal counsel for the business quickly reported a hacking and cyber fraud incident to the Srinagar police station, which drove Thane police's cyber cell to take over the investigation. 

Investigators were able to further disentangle the complex web of deceit when they discovered a fraudulent transfer of Rs 1.39 crore to an account owned by Riyaal Enterprises, a company having branches in Navi Mumbai's Vashi and Belapur. Law enforcement authorities searched these places and found a treasure trove of paperwork, including multiple bank accounts and company contracts. 

When these documents were thoroughly examined, it became clear that five partnership firms had been created at the same address using forgeries and counterfeits to use several people's names. According to Nagpur Today, inquiries posed to workers of Riyaal Enterprises resulted in information on an astounding 250 bank accounts and notarized partnership company agreements, all of which raised red flags.

Cybercrime to Cost Global Economy $10.5 trillion By 2025

 

A report from Cybersecurity Ventures estimates that by 2025, cybercrime will have cost the global economy up to $10.5 trillion. According to a recent Gartner survey, by then, more than half of all cybersecurity assaults will be attributable to human error or a lack of talent.

What areas are most vulnerable, and how can consumers defend themselves against fraud and other online crimes? 

Small-scale companies 

Small firms are subject to three times as many cyberattacks as larger organisations, according to a Barracuda Networks analysis that Forbes highlighted. Often, employee training can stop these attacks. When compared to a company with more than hundred employees, smaller businesses endure 350% more social engineering attacks. 

Threats exist in every sector, but reports suggest that user data is the target of the majority of attacks, which puts businesses in the retail and e-commerce, healthcare, and financial sectors at greatest danger. 

Productivity of employees 

Cyber threats not only put money at risk, but they also impact employee productivity. More than half of small firms said that after an attack, their website was down for up to 24 hours. Additionally, data breaches can increase workplace stress and lower the spirits of workers.

Healthcare 

Cyber attacks provide a serious threat to the healthcare sector. Based on the research from Nozomi Networks, healthcare is one of the most often targeted areas for cyberattacks, despite the fact that healthcare organisations in the U.S. must strictly adhere to specific regulations, known as HIPAA laws, to protect patient data. 

Banking and finance 

The financial services sector is more vulnerable to cyberattacks than many other industries, which is understandable given the reasons behind this. Financial institutions are 300 times more likely to be the target of cyberattacks than other kinds of organisations, according to a Boston Consulting Group analysis. Based on an IBM X-Force survey, 71% of those attacks are directed at banks, and 16% are directed at insurance companies. 

Safety measures

Businesses have a responsibility to deploy cybersecurity protective measures to safeguard their customers. However, you may also help to avoid cyberattacks as a customer or employee, particularly when it comes to shielding your own financial or medical data. 

As a first line of defence against fraud and cybercrime, follow these simple tips:

On public WiFi networks, never share any personal information, including passwords. Online banking and shopping can be done safely from home. Don't disclose private information to ChatGPT or other AI programmes, especially bank information or passwords. 

Additionally, set strong and secure passwords with a password manager and, when available, use 2-factor authentication systems at work and at home.

STYX Marketplace: An Emerging Platform Aiding Financial Crimes


STYX, a new dark web marketplace is turning into a booming hub for purchasing and selling illicit services or stolen data. STYX is a new dark web marketplace that was launched earlier this year, and it seems to be on the right track for turning into a booming hub for purchasing and selling illicit services or stolen data. 

The platform provided services facilitating  financial crime like money laundering, identity theft, distributed denial-of-service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, renting malware, using cash-out services, email and telephone flooding, identity lookup, and much more. 

The marketplace was officially launched on January 19. However, cyber analysts at threat intelligence at Resecurity, a threat intelligence company, claims to have sighted mentions of STYX on the dark web since early 2022, when the founders were still creating the escrow module. 

Apparently, STYX accepts payments using a variety of cryptocurrencies and has a dedicated section for approved vendors, in an effort to gain trust in the platform. 

All Things Financial-crime

Following the discovery of the notorious platform, it was further noted that STYX was involved in the post-pandemic menace of cyber-enabled financial crime. Adding to this is the threat it posses to financial institutions and their customers. 

STYX was discovered at the same time as Resecurity financial crime risk analysts noticed a sharp rise in threat actors providing services for money laundering that target cryptocurrencies and digital banking accounts. 

Resecurity’s research also determines some of the most used cyber-crime tactics by threat actors, namely cybercriminal cash-outs, and the use of virtual credit cards (VCCs) and NFC merchant terminals that are illicitly operated to aid in cybercrime activities. 

Moreover, the investigation led to the discovery of 100 mules account. Following which, the firm shared these accounts to the victims, allowing them to speedily identify money mule rings and other linked criminal organizations that were previously undetected. 

“Resecurity also identified a group of trending cash-out vendors that charge commissions based on the exact BIN of the card and brand of gift card,” the researchers stated in a report. 

Apparently, STYX accommodates a great number of cash-out shops across the world, that offers “clean” funds via Apply Pay, PayPal business accounts with merchant terminals, and other financial institutions in the U.S., U.K., and Canada. 

The emergence of STYX as a new platform for financially motivated cybercriminals demonstrates the continued profitability of the black market for services. 

To reduce the effectiveness of the services offered in these criminal markets, digital banks, online payment platforms, and e-commerce systems must accept the challenge and improve their KYC checks and fraud defenses.