Sharing intelligence helps us beat cybercriminals

Content image - Phnom Penh Post
To best capitalise on new attack strategies in Southeast Asia like botnets, cryptojacking, and ransomware, cybercriminals collaborate through a variety of networks. For example, less tech-savvy criminals simply buy ransomware services or kits from more technical hackers. UNSPLASH

Covid-19 has changed the way the financial services industry operates in a very short time. The digitisation of financial products and services has accelerated, and operations, most of which had previously taken place in traditional office and bank branch settings, have rapidly gone remote.

Both trends have increased the attack surface of the industry, giving cybercriminals new avenues to target sensitive customer and company data. Indonesia is particularly vulnerable to these new threats. The country has already been in the midst of rapid digitisation of financial services, with new payment platforms like Gojek’s GoPay and OVO.

GlobalWebIndex reports that Indonesia also has the highest rate of e-commerce use in the world – an overwhelming 90 per cent of internet users between 16 and 64 years old say they shop online.

New, rapidly growing digital platforms and customers who are inexperienced in transacting online are ripe targets for cybercriminal networks, and the pandemic has offered a whole new set of lures. For example, more than 98,000 high-risk domains were created with a Covid-19 theme from January through the first week of April, according to DomainTools.

Financial Services Information Sharing and Analysis Centre (FS-ISAC) found more than 1,500 financially-themed domains offering Covid-19 related credit, loans, insurance and more. The bulk of the domains were created in March. By the second week of April, the numbers of new high-risk domains were down 92 per cent following a crackdown by domain registrars. The sudden rise and fall of this tactic shows how threats are constantly evolving, with cybercriminals quick to exploit a vulnerability and then change tactics once defences are built.

To best capitalise on new attack strategies in Southeast Asia like botnets, cryptojacking, and ransomware, cybercriminals collaborate through a variety of networks. For example, less tech-savvy criminals simply buy ransomware services or kits from more technical hackers. Criminal groups are now not simply holding stolen data for ransom and returning it to the victim after payment, but also posting it online for other threat actors to use and even auctioning it off on the dark web.

Many cybercriminal networks run like formal, legitimate companies, with diverse functions and organisational roles like CEOs, recruiters and even customer service agents who, for example, guide victims through how to pay to recover their data or regain access to their systems.

Now more than ever, the only way to stay ahead of these sophisticated criminal networks is for us to work together as well. In financial services, this is especially crucial, since large-scale attacks on financial institutions could damage overall customer trust in the financial system, which has ramifications for the whole industry as opposed to just the individual victims of the attack.

Sharing cyber intelligence is one key way to reduce cyber risk. Organisations like information sharing and analysis centres (ISACs) facilitate sharing in a trusted environment using a secure member portal, a set of guidelines for how information can be shared, and smaller circles of trust for specific communities within different sectors and regions.

ISACs enable intelligence sharing for the global financial services industry. FS-ISAC in Singapore, for example, serves member institutions across Asia-Pacific, giving them a platform to share country-specific threat activity and cybersecurity best practices in areas such as incident response and third-party risk management.

Through a wide variety of events and meetings, FS-ISAC helps build trust in the community and between members. It also offers resiliency exercises to build our industry’s capacity to protect and defend against new types of attacks.

While financial institutions may be wary of sharing intelligence with their competitors, the faster the intelligence is shared, the higher the chance for other firms to put up defences against the threat. This prevents cybercriminals from using the same attack strategy multiple times, forcing them to find a different approach or at least build new attack infrastructure, lowering their return on investment and making cybercrime more expensive.

As cybercriminals constantly evolve and become more sophisticated, the need for intelligence sharing is more important than ever. The cyberattacks related to Covid-19 have proved how quickly new attack vectors can emerge.

Since no institution can anticipate every threat all the time, the financial services industry needs to learn from the threat actors themselves and build trusted relationships within the industry through peer-to-peer intelligence sharing. Only by collaborating as they do can we beat cybercriminals at their own game.

Brian Hansen is executive director Asia Pacific at FS-ISAC.

THE JAKARTA POST/ASIA NEWS NETWORK