Timeline of major Cyber attacks against the financial institutions in the United states

Timeline of major Cyber attacks against the financial institutions in the United states.

Cyber attacks are occurring more frequently and banks, insurance companies, and other financial services firms are prime targets. Due to the nature of these businesses and the sensitivity of their data, financial firms are hit with approximately 300 times more cyber attacks than businesses in other industries. In a data-driven financial landscape, cybercrime has emerged as a significant concern for regulators and institutions alike, with criminals exploiting computer systems and online financial services to perpetrate money laundering, fraud and other crimes. In 2015, cybercrime cost the global economy around $3 trillion , with that figure expected to rise to $6 trillion in 2021. The cost of cybercrime is expected to grow by around 15% annually over the next 5 years, reaching around $10.5 trillion in 2025..

2014 JP MORGAN AND CHASE One of the largest breaches in history at that time..

01 April 2016 MORGAN STANLEY Morgan Stanley was slapped with a $60 million fine by regulators..

07 September 2017 EQUIFAX One of the three largest credit agencies in the U.S., suffered a breach..

26 September 2017 SONIC Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems.

May 2019 FIRST AMERICAN FINANCIAL CORP. First American Financial Corp. suffered a data breach in May 2019..

17 July 2019 CAPITAL ONE Capital One Financial Corporation, a bank holding company, disclosed a data breach in July which affected approximately 100 million individuals in the United States ..

10 July 2020 SEC WARNING. The SEC (U.S. Securities and Exchange Commission) issued a warning about a rise in ransomware attacks on U.S. financial firms. These attacks focus on gaining access to the company and then enacting ransomware and have targeted firms all across the financial services sector. The SEC is so alarmed by recent developments that it has issued warnings on several areas: 1.Ransomware: An increase in sophistication of attacks on broker-dealers, investment advisers, and investment companies. 2.Credential compromises: An increase in cyber-attacks against brokers and dealers using “credential stuffing”..

01 may 2021 MORGAN STANLEY Morgan Stanley reported a data breach after vendor Accellion hack.

03 November 2021 ROBINHOOD On November 3, 2021 Late in the Evening Robinhood experienced a data security incident..

01 December 2021 COMPUTER-SECURITY INCIDENT NOTIFICATION FINAL RULE.

04 December 2021 BITMART BitMart identified a large-scale security breach related to one of their ETH hot wallets and one of their BSC hot wallets..

What is Cybercrime? Although there is no universally codified definition, cybercrime is generally understood to be any crime that is perpetrated online or that involves the use of a computer. Cybercrimes may be separated into two categories of crime:.

.. Cybercrimes involve a wide variety of approaches and methodologies. Specific examples include: Illegal access to computers and networks via email phishing, hacking attacks or any means of deception. Fraud and forgery committed with the use of computers. Online content-related crimes including the sharing of child pornography or incitements to violence or racism. Intellectual property crimes such as the unauthorized reproduction, distribution and sharing of copyrighted materials such as films, music, and software. Cybercriminals may use the approaches set out above to steal financial data, card payment data, user identities, or to perform extortion (using the threat of more severe cyber-attacks)..

Predicate offence:. Cybercrime is considered a money laundering predicate offence in the sense that it generates illegal proceeds that need to be disguised by laundering before they can be entered into the legitimate financial system. The European Union’s 6th Ant-Money Laundering Directive (6AMLD) codifies this by including cybercrime in its list of 22 money laundering predicate offences , joining existing predicate offences like human trafficking, drug trafficking, counterfeiting, and theft. In adding cybercrime to the 6AMLD list of money laundering predicate offences, the EU has introduced a new compliance obligation: under 6AMLD rules, firms must screen their customers and transactions for evidence of cybercrime money laundering activities – a process which involves performing risk assessments and examining transactional behavior..

Cybercrime Red Flags Cybercrimes often exhibit ‘red flag’ characteristics that can aid firms in detecting and preventing money laundering and in enhancing their compliance performance. In response to the global pandemic, the Financial Crimes Enforcement Network (FINCEN) recently released a series of advisories calling on financial institutions to be particularly vigilant for cybercrime Covid-19 related attempts to launder money. With those advisories in mind, red flags that indicate cybercrime money laundering include:.

How to comply?. Under Financial Action Task Force (FATF) recommendations, banks, financial institutions and other obligated entities must put risk-based AML/CFT programs in place to deal with the AML/CFT threats that they face. In practice this means that firms must conduct risk assessments of their customers and deploy a proportionate AML response. In the context of cybercrime, this means that firms must work to identify their customers and to monitor their transactional behavior on an ongoing basis with the following AML/CFT measures and controls: Consumer due diligence Transaction monitoring Sanctions screening Politically exposed persons(PEP) screening Adverse media monitoring.

Thank you ALL for listening!.