<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">It was quite the disappearing act. More than USD 80 million vanished from the Bank of Bangladesh last February before anyone even noticed. Fortunately, that&rsquo;s all that went missing. Originally, the criminals set out to steal nearly $1 billion from the bank&rsquo;s account at the Federal Reserve Bank of New York.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">The hackers, however, did succeed in installing malware in the Bangladesh central bank&rsquo;s computer systems, and then they watched, probably for weeks. They observed how to go about withdrawing money from the bank&rsquo;s US account using its credentials for the SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system. SWIFT is used for secure financial communication by banks around the world, along with other financial institutions like brokerages, securities dealers, asset management companies, and others. The perpetrators got access to the codes the banks use to connect to the SWIFT global payments network to request fund transfers, which were directed elsewhere and then quickly gone.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">Bangladesh&rsquo;s central bank was not alone in suffering such a cyber-attack. A month prior, an Ecuadorean lender suffered a USD 12 million loss. Another attack, which tried to steal about USD 1 million from a Vietnamese bank late last year, was thwarted.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">These are all-too-frequent occurrences. 
</span><span>In the UK, for instance, the nation&rsquo;s </span><strong><span style="padding: 0in; border: 1pt windowtext; border-image: none;">National Crime Agency</span></strong><span> (NCA) recently issued its </span><a href="" target="_blank"><span style="padding: 0in; border: 1pt windowtext; border-image: none; text-decoration: underline;">Cyber Crime Assessment 2016</span></a><span> report, showing that cybercrime has emerged as the largest proportion of total crime in the UK. According to the report, &ldquo;cyber enabled fraud&rdquo; represents 36 percent of all crime reported in the UK, and &ldquo;computer misuse&rdquo; accounts for 17 percent.</span></p>
<p style="margin: 0in 0in 10pt;"><span>Even the US Federal Reserve itself reported that it suffered more than 50 cyber breaches between 2011 and 2015. In June, Federal Reserve Chair Janet Yellen spoke at a Senate Banking Committee hearing, acknowledging the need for the central bank to supervise financial institutions&rsquo; ability to address such cyber threats. Also in June, <span style="background: white;">the Federal Reserve&rsquo;s Office of the Inspector General announced that it will audit the board&rsquo;s oversight of cybersecurity threats to financial institutions, focusing its review on how the system's cybersecurity examination process has evolved and whether it's providing adequate oversight of banks' information security controls and cyber threats. </span>The findings are expected to be released by the end of the year.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="background: white; color: black;"><strong>The Culprits</strong></span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">Who is carrying out these cyber hacks? All indicators are pointing to one prime suspect &ndash; Dridex, a notorious cyber gang of criminals operating in Russia and former parts of Eastern Europe. 
The disciplined, highly organized gang operates very much like any other business; however, during its 9-5, Monday-to-Friday work week, it sends millions of phishing emails to unsuspecting companies. Its malware, which is also known as Dridex, infects an average of 3,000 to 5,000 computers a day.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">Once released onto a computer, the malware lurks in the background, watching everything the user does, waiting for some online banking activity. When that happens, it goes into action, using keystroke logging or web injections to steal user names and passwords that the gang can use to carry out its own transactions later on.</span></p>
<p style="margin: 0in 0in 10pt;"><span>Dridex isn&rsquo;t alone either. Others, including the Carbanak and Metel cyber gangs, have their own criminal schemes. These gangs look to gain control over machines inside a bank that have access to money transactions. With this access, they attempt to automate the rollback of ATM transactions. The rollback capability ensures that the balance on debit cards remains the same regardless of the number of ATM transactions made. Individual gang members drive around emptying out ATM machines to steal money. As the attackers empty ATM after ATM, the balances on the stolen accounts used to pull off the scam remain unaltered, allowing further withdrawals.</span></p>
<p style="margin: 0in 0in 10pt;"><span>Metel was found inside 30 institutions, primarily in Russia. Carbanak is the prime suspect in the theft of some $1 billion in two years from 100 different banks in nearly 30 countries using spear phishing emails targeting bank employees. 
Its targets were mainly Russian financial institutions, followed by banks in Denmark and the US.</span></p>
<p style="margin: 0in 0in 10pt;"><span style="color: #151515;">And these cybercriminals are quite innovative, quickly learning new hacking techniques to infiltrate institutions of all kinds. Recently authorities have dealt with the emergence of new ransomware with names such as &ldquo;Locky&rdquo; and &ldquo;Bart.&rdquo; Ransomware is an advanced type of malware that restricts access to the computer system altogether until the infected party pays a fee to regain access.</span></p>
<p style="margin: 0in 0in 10pt;"><strong>Upgraded Security</strong></p>
<p style="margin: 0in 0in 10pt;">The second verse of the song <em>Hail, hail, the gang&rsquo;s all here</em> is, ironically, <em>&ldquo;What the heck do we care.&rdquo;</em> The tenacity of these cyber gangs, however, has given a lot of people a reason to care.</p>
<p style="margin: 0in 0in 10pt;">In addition to conducting regular audits and building strong information security awareness protocols, businesses, no matter what industry, are wise to reinforce some simple, yet vital, messages to all colleagues. Specifically, delete any suspicious-looking emails and be wary of attachments.</p>
<p style="margin: 0in 0in 10pt;">Individual employees are every company&rsquo;s first line of cyber defense. Raising awareness of security risks and how these risks could cause an issue with information and/or network security is a valuable investment for any company&rsquo;s cyber security program. Like many companies, mine, XL Catlin, conducts security awareness campaigns in various forms including videos, posters, email campaigns, blogs and online training modules.</p>
<p style="margin: 0in 0in 10pt;">Our Information Risk Management (IRM) team admits, though, that the challenge is to get colleagues to pay attention to these messages and learn what they really have to look out for to stop a cyber hack. To do so, they got a little creative, launching a campaign appealing to our charitable tendencies. They compiled helpful videos educating employees on various cybercrime tactics and how to avoid them. For every educational video viewed by employees, they vowed to donate one dollar to the charity Doctors without Borders. The campaign significantly increased video views and raised USD 10,000 for the charity. (Read more about it in the team&rsquo;s FFF article, &ldquo;<a href="" target="_blank"><span style="text-decoration: underline;">Online Learning: Raising Cyber Security Awareness by Watching and Giving</span></a>.&rdquo;) Its success has prompted our cybersecurity team to re-launch the campaign to help reinforce awareness of old, new and emerging cyber security issues.</p>
<p style="margin: 0in 0in 10pt;"><strong>More Vigilance</strong></p>
<p style="background: white; margin: 0in 0in 15pt;">The US Federal Bureau of Investigation also offers up a number of <a href="" target="_blank"><span style="text-decoration: underline;">tips for dealing with ransomware</span></a>, among them:</p>
<ul style="list-style-type: square;">
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Make sure employees are aware of ransomware</strong> and of their critical roles in protecting the organization&rsquo;s data.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Ensure antivirus and anti-malware solutions</strong> are set to automatically update and conduct regular scans.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Manage the use of privileged accounts</strong>&mdash;no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Configure access controls</strong>, including file, directory, and network share permissions appropriately. 
If users only need to read specific information, they don&rsquo;t need write-access to those files or directories.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Disable macro scripts</strong> from office files transmitted over e-mail.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Implement software restriction policies</strong> or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Back up data regularly</strong> and verify the integrity of those backups regularly.</li>
    <li style="background: white; margin: 0in 0in 10pt; color: #000000;"><strong>Secure your backups.</strong> Make sure they aren&rsquo;t connected to the computers and networks they are backing up.</li>
</ul>
<p style="background: white; margin: 0in 0in 0pt;">Adopting the gang-style approach of the cyber criminals, businesses need to coordinate multi-disciplinary participation throughout the organization to fight cyber gangs&rsquo; crime games and drive online vigilance throughout their organizations.</p>
<p style="background: white; margin: 0in 0in 0pt;"><em>About the Author</em></p>
<p style="background: white; margin: 0in 0in 0pt;"><em>Gregory W. Bangs is the Global Crime Product Leader and head of US Crisis Management at XL Catlin. Over the last 30 years, he has been underwriting insurance and developing new products in the US, UK, Hong Kong and France. Greg can be reached at &nbsp;<a href=""><em></em></a>.</em></p>
