BID® Daily Newsletter
May 10, 2021

BID® Daily Newsletter

May 10, 2021

Cybercrime & The Dark Web: 3 Steps to Stay Vigilant

Summary: Dark web sites are only accessed with encrypted software to allow stolen financial information to be sold to cyberthieves anonymously. It is a lucrative operation as these illegal sites have been known to make over $1B. Three ways to help stem the tide of stolen financial data are using Open Source Intelligence tools to search the dark web, keeping updated on new threats, and working with law enforcement.
According to Cybersecurity Ventures, the cost due to global cybercrime is expected to reach $10.5T annually by 2025, growing 15% YoY. That is a staggering number. To help mitigate increasing security risks and data loss, community financial institutions (CFIs) must consider not only how they are being breached, but where stolen information could be funneled.
With the increase in “everything online” this past year, including shopping and banking, it is hardly surprising that organized cybercriminal syndicates and nation-states are scaling up both the pervasiveness and the professionalism of their tricks, including selling their information on the dark web.
After infiltrating bank systems and taking valuable financial and personal information, cybercriminals increasingly sell that information on the dark web. Dark web sites can only be accessed using encrypted software so that users can be anonymous, which is the reason cyberthieves like using them. These sites deal in the sale and trade of illegal wares alongside stolen information, such as bank account numbers, credit and debit card numbers, and sensitive personal data. The stolen data is then used to make fraudulent purchases or establish fake accounts.
Lucrative cybercrime operations. It is difficult to estimate how many of these dark web, illegal forums are currently in operation, given that many are run by shrewd cybercrime syndicates that are experienced at covering their tracks. However, experts estimate that there are hundreds of sites worldwide that specifically deal in financial or card information. Further, while nefarious operations like Silk Road have been shuttered by authorities rather quickly, many of the more successful dark web sites have been operating for years. (Case in point: Though it recently shuttered operations, Russian dark web forum, Joker’s Stash, had been active since 2014 and raking in more than $1B in revenue.)
Mainly stolen US credit and debit cards. Much of this ill-gotten revenue is from stolen credit and debit cards. These underground sites were estimated to be selling more than 23MM stolen credit and debit card numbers in early 2019, which was before the online surge last year during the pandemic. Not only that, but a disproportionate amount of those legitimate account numbers come from US bank customers — almost two-thirds of them.  
While it may be difficult for CFIs to keep up with all of this, being informed and proactive plays an important part in helping to stem the tide of stolen financial data. In that vein, we give you three ways to do this.
  1. Make sure that your IT team uses Open Source Intelligence tools (OSINT) to help them conduct automated dark web searches. By using automated tools that can alert them to potentially stolen data from your institution or your customers, IT security can efficiently uncover problems and take immediate action. 
  2. Keep abreast of any new threats from the FBI website as well as local law enforcement. This allows you to patch any potential cyber vulnerabilities or boost certain security measures before anything happens. These threats should also be communicated with executives, staff, and customers to make sure they are educated on the latest dangers.
  3. Coordinate with law enforcement, if you uncover cybertheft so that they can take the appropriate measures on their end. They have technical teams specialized in this type of crime and can shut operations down.
The dark web is like a black hole for thievery. So, it is important to stay actively focused on cybercriminals and their tricks to mitigate the cyber risks and keep your data safe. As always, keep communicating with your employees and customers also. This way, you can remain a vigilant front against the nefarious activities of the dark web. 
 
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

The Risky Side of Fintech Partnerships
Partnering with fintechs is a good way for CFIs to quickly enhance their online services and offerings. But such partnerships can also create unintended risks for CFIs, a reality that has spurred regulators to step up oversight in this area.
How Big Banks’ 2024 Stress Testing Scenarios Can Help You
The Federal Reserve has released its 2024 stress testing scenarios: its primary tool to assess the largest banks’ fiscal health resiliency by estimating losses, net revenue, and capital levels under hypothetical recession scenarios. This year’s severely adverse scenario includes unemployment reaching 10%, a widening spread on corporate bonds, and dramatic declines in asset prices. We summarize the scenarios and determine how they can help CFIs devise their own tests to improve their capital planning and risk management.