Security experts: Community banks must guard against cyber attacks

Iowa Banking Superintendent James Johnson speaks on April 11 during the event, his first in his position. He began in the role on Jan. 1

Community banks, though relatively small, are attractive targets for cyber criminals as “low-hanging fruit,” said Banking Superintendent James Johnson on April 11 during the Iowa Division of Banking’s Day with the Superintendent.

There have been 3.79 million cybercrime-related reports over the past five years, leading to $37.4 billion in reported losses, said Omaha-based FBI Special Agent in Charge Dean Neubauer before hundreds of community bankers at the Sheraton West Des Moines Hotel. Neubauer estimated the total figure is likely over $100 billion. 

Neubauer said other nations are already at war with the United States on the cyber front. The campaigns of both President Joe Biden and former President Donald Trump have already been targeted by phishing attacks from hackers linked to Iran and China. In June 2023, several U.S. federal government agencies were impacted in a global cyberattack by Russian-linked hackers, according to the Center for Strategic & International Studies.  

Cyber criminals are generally elusive, Neubauer said, as many operate in Eastern European countries without an extradition treaty with the United States. Criminals sometimes travel under fraudulent identities, and it is challenging to identify the individual who launches an attack when a larger group takes credit. 

Business email compromise is a much more damaging attack than ransomware, Neubauer noted. Such attacks exploit human vulnerabilities through phishing emails. Other common forms of fraud include romance/confidence schemes; pig butchering; work-from-home scams; and money laundering operations. Non-financially motivated forms of cybercrime include hacktivism or attacks done only for the amusement of the attacker. 

Neubauer said criminals have the intelligence and drive to infiltrate bank systems. To combat that risk, Neubauer sees multi-factor authentication as a must-have. He advised banks to train employees on how to spot malicious emails and enact prevention policies along with technical controls. He also suggested flagging external emails, proactively identifying threats from lookalike domains and using two-factor authentication with secondary verification through a separate channel. 
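As an added illustration of two of the controls above, flagging external senders and spotting lookalike domains, here is a small classifier in Python. It is example code written for this article, not anything presented at the event; the bank domain and the addresses are constructed placeholders, and the homoglyph list and the two-label registrable-domain rule are simplifying assumptions.

```python
"""Classify an inbound sender as internal, lookalike, or external (added example)."""
import unicodedata

BANK_DOMAIN = "examplebank.com"  # constructed placeholder for the bank's real domain

# Visual substitutions commonly seen in lookalike domains; folded before comparison.
FOLDS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def canon(domain: str) -> str:
    """Unicode-normalize, lowercase and strip a trailing dot."""
    return unicodedata.normalize("NFKC", domain).strip().lower().rstrip(".")


def fold(domain: str) -> str:
    """Canonicalize and collapse look-alike character sequences (assumed list)."""
    d = canon(domain)
    for src, dst in FOLDS:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the plain dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, bank_domain: str = BANK_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for an email address."""
    if "@" not in address:
        return "external"
    raw, bank_raw = canon(address.rsplit("@", 1)[1]), canon(bank_domain)
    if raw == bank_raw or raw.endswith("." + bank_raw):
        return "internal"  # exact match or a genuine subdomain of the bank
    d, bank = fold(raw), fold(bank_raw)
    if bank in d:
        return "lookalike"  # equal after folding, or bank domain embedded in another
    # Registrable part = last two labels; a simplification that ignores
    # multi-part public suffixes such as co.uk.
    registrable = ".".join(d.split(".")[-2:])
    if edit_distance(registrable, bank) <= 2:
        return "lookalike"
    return "external"
```

In a mail gateway the "external" result would drive the banner the speakers recommended, and "lookalike" would justify quarantine or review rather than delivery.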

More ransomware is also lying dormant with communication channels back to the attacker. To prevent ransomware attacks, banks are advised to undertake security patching; scan for vulnerabilities; review user behavior analytics; monitor tripwires/file integrity; and undertake recovery planning. In the event of an attack, banks are advised to disconnect the impacted system from the internet, isolate machines, call the FBI to file a report as soon as possible, and preserve emails and other forms of communication. The FBI advises victims not to pay ransom demands, to disincentivize criminals from launching future attacks.