Tuesday, December 17, 2019
With a new year and decade on the horizon, security analysts are advising companies to harden their security postures. Fraudsters and fintechs are innovating and iterating, borrowing from each other’s playbooks to weaponize solutions that alternately compromise or protect data. Forensic investigators have seen increasingly dynamic and sophisticated strains of malware, ransomware and money laundering attacks, according to recent reports. These new attack vectors require an equally strong and proportional response from cybersecurity firms, experts noted.
In a Dec. 11, 2019, blog post titled “New Zeppelin Ransomware Targeting Tech and Health Companies,” cybersecurity analyst Mohit Kumar, founder and editor-in-chief of The Hacker News, reported a new form of ransomware called Zeppelin is designed to operate everywhere but its own home turf. The malicious code has been spotted in Europe, Canada and the United States, he wrote, but “if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines located in these regions.”
In discussing this new form of ransomware, Gary Glover, vice president of assessments at SecurityMetrics, said, “Zeppelin is targeting tech and healthcare companies, but will turn itself off in various countries in Eastern Bloc nations. Once again, having a good backup strategy is the best defense, short of acquiring a lot of bitcoin to pay ransoms.”
Kumar additionally noted that ransomware variants can be packaged as subscription services on underground forums. BlackBerry Cylance researchers believe Zeppelin may have “ended up in the hands of different threat actors” or was “redeveloped from bought/stolen/leaked sources,” Kumar said.
Glover recommended examining business environments in the same way that a hacker would, using manual penetration testing, also known as ethical hacking. “Our penetration testers use the most up-to-date hacking methodologies to identify vulnerabilities, minimize risk, and protect organizations against current hacking trends,” he said.
Mark Gazit, CEO at ThetaRay, suggested implementing advanced AI-powered solutions to protect financial institutions and service providers against an array of financial crimes and money laundering schemes. “Regulators will become more open to banks using advanced AI systems to identify unknown and unexpected threats,” he said. “However, explainability and transparency of AI systems will be crucial.”
Crimes such as human trafficking and terror funding frequently launder proceeds through financial services providers, Gazit noted. Anticipating that these escalating criminal activities will place additional regulatory burdens on financial institutions, he urged banks and service providers to be vigilant about money laundering, not only for regulation and compliance purposes, but also because they will be under greater public scrutiny for their perceived role in these crimes. Implementing AI-based solutions, such as ThetaRay's Artificial Intuition, can help identify unknown and unexpected threats, he stated. 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
