U.S. agencies making progress on cybercrime, officials say
But criminals continue to target U.S. businesses, with the FBI currently investigating 400 wire transfer cases
IDG News Service - U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.
The U.S. Secret Service, the FBI and the Department of Homeland Security work closely together to combat cybercrime, witnesses from the three organizations told a subcommittee of the House Financial Services Committee. But criminals are taking advantage of the growing amount of personal information online and the ability to share attack tools and strategies over the Internet, said A.T. Smith, assistant director of the Secret Service.
"The Secret Service has observed a marked increase in the quality, quantity and complexity of cybercrimes targeting private industry and critical infrastructure," he said.
The FBI is investigating more than 400 cases involving unauthorized wire transfers from bank accounts of U.S. businesses, said Gordon Snow, the assistant director there. Those 400 cases involved the attempted theft of $255 million, with actual losses of $85 million, and the cases involving the takeover of accounts represent just one type of attack against financial systems, he said.
Snow also listed recent examples of payment processor breaches, stock trading fraud, ATM skimming, mobile banking attacks and other schemes targeting the U.S. financial system. Cybercriminals' capabilities are at "an all-time high," although combating cybercrime is a top priority for the FBI and other agencies, he said.
The annual cost of cybercrime is about $388 billion, including money and time lost, said Brian Tillett, chief security strategist at Symantec. That's about $100 billion more than the global black market trade in heroin, cocaine and marijuana combined, he said.
The financial services industry, the focus of Wednesday's hearing, is a top target for cybercriminals, Tillett said, but he also praised cybersecurity efforts there.
"The financial services industry generally, has been ahead of the curve on cybersecurity, recognizing the importance of these issues long before they were common in daily headlines," he said. "Thus, the need for action is not so much an issue of additional legislation or regulation, but rather an issue of responding to evolving threats by implementing mitigation and protection measures."
Subcommittee Chairwoman Shelley Moore Capito asked if the DHS and other agencies were sharing information about cyberattacks with each other and with private companies.
Employees of private companies with security clearances now have access to the DHS National Cybersecurity and Communications Integration Center (NCCIC), which coordinates cyberincident response efforts within the U.S. government, said Greg Schaffer, acting deputy under secretary at the DHS. U.S. agencies have also provided assistance to the financial services industry during cyberattacks, he said.
"We are in a better place today, in terms of information sharing, than we've been in the 15 to 17 years I've been in this space," Schaffer said. "We have certainly made a lot of progress."
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Cybercrime and Hacking White Papers | Webcasts