Financial institutions need to defend themselves against ransomware demands, says an NSA cybersecurity expert in the keynote of the annual ACAMS conference
LAS VEGAS — As the Biden administration pushes to fight criminal networks responsible for ransomware attacks against critical infrastructure, banks and other financial institutions need to protect themselves and report incidents to the U.S. government, a National Security Council official told attendees of an anti-money laundering (AML) conference here last week.
Giving the keynote on the first day of the annual Association of Certified Anti-Money Laundering Specialists (ACAMS) conference, Carole House, director for cybersecurity and secure digital innovation with the National Security Council, said it was crucial that financial institutions protect themselves.
“First, defend yourselves. Implement basic cyber-hygiene practices, look at your framework, look at your architecture, and make some decisions about the cybersecurity measures that can be put in place, implementing measures like multi-factor authentication… can really help to defend against cybercrime,” House said, adding that it also is critical that institutions share information with authorities when they become aware of a ransomware attack or related ransom payment.
“Report it to us, fill out your suspicious activity reports (SARs) for cyber-enabled financial crime, and provide as much readily available information that’s relevant to the incident as possible — specific indicators and other institutions that may be involved,” she said. “All of that information helps the U.S. government build out this broader threat picture and helps us bring accountability to the actors that are behind this.”
Recent multiple ransomware attacks “highlight the urgent need for change” on the part of government, small businesses, critical infrastructure providers, and major corporations, House explained. “All of them have been targets of nation-state and cybercriminal activity.
Security can’t be an afterthought, it has to be incorporated into design of systems upfront.
“For too long the public and private sectors have failed to implement basic cybersecurity hygiene practices and steps to modernize our cybersecurity incident response and defenses,” she explained. “Security can’t be an afterthought, it has to be incorporated into the design of systems upfront.”
Identity verification plays a vital role in stopping cybercrime attacks, House added. “We’ve heard estimates from the industry that the majority of ransomware incidents would have been thwarted simply through implementation of multi-factor authentication.”
Ransomware, which is “inherently an international threat,” involves transnational organized crime and money laundering networks. “The threat continues to escalate in scale and severity,” she said.
Ransomware a ‘money-laundering problem’
During the past several months, ransomware attacks have targeted critical U.S. infrastructure, Irish and French hospitals, a Japanese manufacturing firm, and food processing companies, House noted, adding that such attacks involve criminals who use malware to prevent victims from accessing vital systems and then demanding a ransom be paid — typically in cryptocurrency — to allow access.
“The administration recognizes ransomware as a money-laundering problem — and as a financial crime problem — so all of you here are partners that we need… to help us in this fight against ransomware and to disrupt the financial ecosystem that supports these criminals,” she said.
House also noted steps that the U.S. Treasury’s Office of Foreign Assets Control (OFAC) took on September 21 to combat ransomware. OFAC blacklisted a cryptocurrency exchange for allegedly enabling illegal payments from ransomware attacks and issued an updated enforcement advisory outlining steps financial institutions and other businesses can take to mitigate sanction risks associated with ransomware payments.
OFAC encouraged “improved cybersecurity across the private sector and increasing incident and ransomware payment reporting to U.S. government agencies, including Treasury and law enforcement authorities,” House said.
In introducing House to the crowd of 2,500 in-person and online ACAMS conference attendees, Kieran Beer, chief analyst and director of editorial content at ACAMS, said cybersecurity “initially was kind of peripheral to what people did in AML departments, but you’re being called in to not only write the SARs, but to figure out what’s happening in general with regard to cybersecurity.”
Katie Ford, deputy associate director of the policy division at the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) said during a subsequent panel at the ACAMS event that FinCEN considers ransomware a top financial crime threat and noted that cybercrime was among the top national AML priorities identified by the agency earlier this year.
“We highlighted in particular the threat of ransomware, so this is something we’re very focused on,” Ford said.