Cyber Attacks–How Secure Are We?

Global hacker trends and tips for keeping your business safe from cybercrime are covered by a security expert and Thematics portfolio manager.

In a recent webinar, Frédéric Dupraz, co-portfolio manager of the Thematics Safety strategy, spoke with former US FBI special agent and cybersecurity expert Jeff Lanza about cybercrime threats facing financial firms, investors, and everyday citizens.

Lanza spent more than 20 years at the FBI investigating cybercrime, organized crime, human trafficking, and terrorism. He is the author of numerous books including Cybercrime: How to Stay Safe from Online Fraud and Identity Theft. In this conversation, Lanza shares his thoughts on the current and future state of cybercrime and the importance of staying vigilant, and offers tips for how to safeguard your information and avoid being targeted. Here are some highlights:

Jeff Lanza: Cybercrime is so unique because it affects so many different types of people and companies. For example, a gigantic global shipping company whose ships are in the middle of the ocean can be literally crippled by a ransomware attack. Cybercrime can also affect a retiree who is on their home computer and connecting with someone who’s trying to get them to buy gift cards, or to fix a problem on their computer that they don’t really have.

Cybercrime can range from nation states to governmental military organizations to someone hacking on a small island in the middle of the Atlantic Ocean. Unfortunately, a lot of cybercriminals are out of the FBI’s reach. Because they are not within the jurisdiction of law enforcement agencies around the world, these criminals are not going to be extradited to the United States to face charges and there are no consequences or deterrents. So the crimes continue.

As for the future, I think ransomware is the next variation of cybercrime as criminals try to mutate around our defenses. They are holding companies’ files hostage and, in some cases, exfiltrating those files and holding them for ransom until money is paid. I think we may even see cybercrime protection as a service offered by criminals – meaning, you pay us money and we’ll make sure you don’t get hacked.

Lanza: The information that you put out on social media can be used to build a profile of you by criminals, and every piece of information could be used to potentially steal your identity. I once had a financial advisor’s client get their bank account hacked and they wondered how the cybercriminals overcame the two-factor authentication the bank had in place – those codes that were sent to the phone as additional measures to prevent bogus or fraudulent logins. Well, the criminal had done SIM card swapping. They got the phone number of the victim switched over to their own phone by calling up the cell-phone provider and convincing them that they were the legitimate phone owner. They were able to answer challenge questions and birth dates because a lot of people put that information on social media. So anything we put out there is potentially liable or capable of being used against us. For fraud protection, we have to be careful what we put on social media.

Lanza: Creating a secure work-from-home environment is the issue. Because outside the company firewall you have fewer protections. Maybe you have non-secure wireless networks in a home or you’re not using a virtual private network (VPN) to help secure your work transactions and communications. You might click on a phishing email and download malware or go to a website and you get a drive-by download and that malware infects the network.

I think an important component of securing us during these pandemic times is a lot of good education and telling people how important it is to avoid links in emails from unknown or suspicious senders.

Lanza: Here’s an example of risk and what can happen. In 2016, the biggest fraudulent wire transfer in history affected the financial industry when the Bank of Bangladesh was victimized. Their money was being held at the New York Federal Reserve Bank in New York. On a weekend when cybercriminals knew there would be less oversight, they stole the login credentials of a bank employee and ordered a wire transfer of $100 million to a third party outside of the Fed.

The cybercriminals had all the credentials they needed to do the transfer. But it would have been a billion-dollar transfer if one of the criminals hadn’t spelled a word wrong in one of the transfer requests. Someone at the Fed saw the misspelled word and stopped all further wire transfers until they got it figured out.

So this type of crime can occur on a big level, but can also occur in financial advisors’ accounts, because email accounts are being hijacked by cybercriminals. They simply change the beneficiaries, routing number, and account number to their bank account. Even if a financial advisor were to call and verify the wire transfer, they may not verify the specific instructions and then the money goes to the criminal’s account. So the rule is, always verify wire transfers by phone and the specific instructions regarding those transfers.

Lanza: Cybercriminals started stealing bank login credentials years ago. So banks got better at preventing accounts from being hacked by forcing customers to use strong passwords and stepping up multi-factor authentication when they didn’t recognize the login attempt from a computer that the bank hadn’t seen before.

But then the criminals mutated and changed their ways and started committing “business email compromise.” This is when they hijack email accounts or set up domain names that look like the company’s name – only there is an extra letter in the name, or they switch letters around, and people don’t notice. A lot of money has been lost this way. That’s why having alerts on your bank accounts is really important, so you’re notified when money moves.

Lanza: Do not pay the ransom for three reasons. Number one, you are not guaranteed you are going to get your information and the encryption key back. Generally, you will, but there is no guarantee. Second, if you pay, you are tagged as a payer, and you might get hit again. Third, a lot of times when someone pays ransom, that money can be used to fund other criminal activities – like human trafficking and terrorism activities – and criminals generally generate money to fund big operations by doing ransomware attacks. So you may be encouraging other illegal activity by paying ransom.

This material is provided for informational purposes only and should not be construed as investment advice. All investing involves risk, including the risk of loss. Investment risk exists with equity, fixed income, and alternative investments. There can be no assurance that developments will transpire as forecasted, and actual results may vary. Investors should fully understand the risks associated with any investment prior to investing.

Jeff Lanza is not an employee or associated person of Natixis Investment Managers and is independently responsible for the information provided as well as for any expressed views or opinions on any topic. Views and opinions are not those of Natixis Investment Managers and should not be relied upon as advice.

THEMATICS ASSET MANAGEMENT – An affiliate of Natixis Investment Managers. A French SAS (Société par Actions Simplifiée) with a share capital of €150 000. RCS Paris: 843 939 992. Regulated by the AMF (Autorité des Marchés Financiers), under no GP 19000027. 43, avenue Pierre Mendès France, 75013 Paris, France.