U.S. agencies making progress on cybercrime, officials say
But criminals continue to target U.S. businesses, with the FBI currently investigating 400 wire transfer cases
IDG News Service - U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.
The U.S. Secret Service, the FBI and the Department of Homeland Security work closely together to combat cybercrime, witnesses from the three organizations told a subcommittee of the House Financial Services Committee. But criminals are taking advantage of the growing amount of personal information online and the ability to share attack tools and strategies over the Internet, said A.T. Smith, assistant director of the Secret Service.
"The Secret Service has observed a marked increase in the quality, quantity and complexity of cybercrimes targeting private industry and critical infrastructure," he said.
The FBI is investigating more than 400 cases involving unauthorized wire transfers from bank accounts of U.S. businesses, said Gordon Snow, the assistant director there. Those 400 cases involved the attempted theft of $255 million, with actual losses of $85 million, and the cases involving the takeover of accounts represent just one type of attack against financial systems, he said.
Snow also listed recent examples of payment processor breaches, stock trading fraud, ATM skimming, mobile banking attacks and other schemes targeting the U.S. financial system. Cybercriminals' capabilities are at "an all-time high," although combating cybercrime is a top priority for the FBI and other agencies, he said.
The annual cost of cybercrime is about $388 billion, including money and time lost, said Brian Tillett, chief security strategist at Symantec. That's about $100 billion more than the global black market trade in heroin, cocaine and marijuana combined, he said.
The financial services industry, the focus of Wednesday's hearing, is a top target for cybercriminals, Tillett said, but he also praised cybersecurity efforts there.
"The financial services industry generally, has been ahead of the curve on cybersecurity, recognizing the importance of these issues long before they were common in daily headlines," he said. "Thus, the need for action is not so much an issue of additional legislation or regulation, but rather an issue of responding to evolving threats by implementing mitigation and protection measures."
Subcommittee Chairwoman Shelley Moore Capito asked if the DHS and other agencies were sharing information about cyberattacks with each other and with private companies.
Employees of private companies with security clearances now have access to the DHS National Cybersecurity and Communications Integration Center (NCCIC), which coordinates cyberincident response efforts within the U.S. government, said Greg Schaffer, acting deputy under secretary at the DHS. U.S. agencies have also provided assistance to the financial services industry during cyberattacks, he said.
"We are in a better place today, in terms of information sharing, than we've been in the 15 to 17 years I've been in this space," Schaffer said. "We have certainly made a lot of progress."
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts