Cybersecurity Journalist says SolarWinds Hack is a “Harbinger” of Threats to Come

/
Cybersecurity Journalist says SolarWinds Hack is a “Harbinger” of Threats to Come

Award-winning journalist, broadcaster and author Misha Glenny says that ransomware should be the top concern of European organizations — and that they’re not prepared. “Over the past year, we have seen a ramping up of the strategy among some of the top Russian ransomware groups. Instead of just locking up your data, leaving you to bang your head against a brick wall, some groups are now carrying out their threat to exfiltrate your data and post it for all your competitors to peruse,” he told the ACFE. “The darkest moment in cybersecurity over the last year was the discovery of the SolarWinds hack … This is a harbinger of the security issues in the era of the Internet of Things and machine-to-machine learning.” Glenny, who’s groundbreaking exposé, McMafia, has been adapted into a major BBC television series, will be speaking at the virtual 2021 ACFE Fraud Conference Europe, 11-12 March.

Read More

The Face of Cybercrime Is No Longer the Person With the Hoodie

/
The Face of Cybercrime Is No Longer the Person With the Hoodie

“People don’t rob banks with guns anymore; they use USB sticks and malware.” Implementing this sobering remark as a reminder of the everchanging landscape of crime, Raj Samani greeted his virtual audience at the ACFE Fraud Conference Europe. Samani, who is Chief Scientist and McAfee Fellow at the cybersecurity firm McAfee, helped found the initiative NoMoreRansom, which now includes more than 100 partners across the public and private sector.

Samani’s talk comes at a ripe moment for increased awareness and precautionary measures regarding cybercrime, which has recently been employed to target the health care industry as it combats the dire prognosis of COVID-19. Samani noted that many cybercrime enforcement officials believed that criminals would take the high road and resist attacking hospitals and health care providers during the pandemic, yet as soon as Samani heard word of a cyberattack at a health care facility a few weeks into this global situation, he received unwanted confirmation that criminals will always take advantage of opportunities when they arise.

Read More

What to Do After You File Your Investigation Report

/
What to Do After You File Your Investigation Report

As a fraud investigator, you may be used to being given a case, investigating it, submitting a report with the findings and then moving on to the next case with little follow up on what the result of the report was. But what happens after the report is filed may be just as important for the organization as the investigation itself.

Sherman McGrew, J.D., CFE, highlighted the importance of what happens after an investigation in his virtual session at the 2020 ACFE Fraud Conference Europe. McGrew, who is a program analyst at the U.S. Transportation Security Administration (TSA) walked the audience through the practical steps of investigating a fraud allegation. Although many fraud examiners may be removed from the process after the investigation is complete, McGrew urged them to make a few recommendations to their employers before they’re completely done with the process.

Read More

Implementing the Lessons Learned From Maersk's Major Cyberattack

/
Implementing the Lessons Learned From Maersk's Major Cyberattack

When Lewis Woodcock, head of Cyber Security Operations at A.P. Moller — Maersk, spoke to a virtual crowd at the 2020 ACFE Fraud Conference Europe, he remained cautiously optimistic. Despite the gravity and intensity of his experience on the ground during the cyberattack that plagued Maersk in the summer of 2017, Woodcock recalled his time working with the response team saying, “there was no sense of panic, more of a distinct, determined energy. There was work that could almost be described as excitement to tackle the enormous challenge that lay ahead.”

In this case, “enormous challenge” could almost be considered a euphemism. Maersk, an integrated transport logistic company, manages nearly 20% of world trade; its vessels make 50,000 port calls each year. The company itself is large and complex, employing approximately 88,000 people globally and with no real central office. When their networks were struck with a cyberattack that shut down all their computer operating systems, the outage it caused transcended national borders and affected hundreds of thousands of people.

Read More

Criminals Use Cryptocurrencies to Launder, Extort and Steal Money

/
Criminals Use Cryptocurrencies to Launder, Extort and Steal Money

Cryptocurrencies are no longer new nor nascent, but they are still a popular vehicle by which criminals use to extort, launder and steal money. “I remember when ransomware started, they [criminals] used PayPal,” said Costel Ion, CFE, director - principal investigator at Deutsche Bank in his virtual session at the 2020 ACFE Fraud Conference Europe. “Now ransomware criminals are using many forms of cryptocurrencies.”

Read More

Using Open Sources for Financial Crime Intelligence

/
Using Open Sources for Financial Crime Intelligence

The world wide web is a constantly fluctuating ocean of information. Investigators often have to navigate through massive currents of data to find a few pertinent threads. A technique or tool that you use today may not be the same or even available tomorrow. But as Stephen Hill, Ph.D, MLPI, CIIP, managing director at Hill Bingham Ltd, said in his virtual session at the 2020 Fraud Conference Europe, “At the end of the day, a search engine is a database, and you’re running a query against that database.”

The goal for open source intelligence gathering is to take something broad and find the query that will narrow it down to the specific information you need. The key to doing this is your creativity. Although the tools and techniques might evolve as time passes, here are three important building blocks you need when using open sources for gathering financial crime intelligence.

Read More

Making Compliance Cool

/
Making Compliance Cool

“Before you get to what you’re going to teach people, you’ve got to get their attention.” Vince Walden said, quoting Rashelle Tanner, the director of the Compliance Learning Program at Microsoft, to illustrate what he wanted to convey about compliance to virtual attendees of the ACFE Fraud Conference Europe on Monday. He added, “You have got to make compliance more engaging and figure out how to make training stick.”

Walden, the managing director of Forensic Technology Services at Alvarez & Marsal Disputes and Investigations LLC, encouraged listeners to use different techniques to make compliance training and adhering to best practices fun, engaging and even a little surprising.

Read More