AML CHALLENGES
Join the call for stronger international agreements and alliances among governments and law enforcement agencies financial transaction as it occurs. 31 Other related cyberthreats include man-in-the-mobile, man-in-the-app, man-in-the-cloud and man-in-the-IoT attacks. 32
In conclusion, on the perplexing issue of cyberattacks by nationstate actors, responses may include the following:
• Research cyberattacks by nation-state actors and commercial and governmental responses to such cyberattacks. Online search terms like“ advanced persistent threats”( APTs) may be helpful. APTs often cover large-scale cyberattacks incited by nation-states— such as China, Russia, Iran and North Korea 33— or by hacking groups, companies or organizations that serve as their proxies. 34 APTs may also include cyberattacks that are directed at major institutions by foreign terrorists and criminal organizations. 35
• File timely suspicious activity reports( SARs), pursuant to the U. S. Department of the Treasury’ s Financial Crimes Enforcement Network’ s recently issued advisory to financial institutions on cyber-events and cyber-enabled crime. 36
• In addition to filing SARs, other public-private information sharing options may include those outlined by the Cybersecurity Information Sharing Act of 2015( CISA), 37 a U. S. federal law designed to encourage public-private information sharing on cyberthreats. 38 Please note:
— CISA is not a substitute for other federal reporting, such as timely SAR filings. 39
— CISA submissions must be attentive to information privacy and cybersecurity concerns, given the possibility of a CISA data breach by cybercriminals, including nation-state actors and their proxies. 40
— CISA has been criticized by information privacy and civil liberties groups, like the Electronic Frontier Foundation( EFF) 41 and the American Civil Liberties Union( ACLU). 42
• Join the call for stronger international agreements and alliances among governments and law enforcement agencies, prompted by the recent wave of cyberattacks backed by nation-states. 43
31
Dauda Sule,“ Man in the Browser— A Threat to Online Banking,” ISACA Journal, Volume 4, 2016, https:// www. isaca. org / Journal / archives / 2013 / Volume-4 / Documents / 13v4-Man-in-the-Browser. pdf
32
Michael Gregg,“ Six Ways You Could Become a Victim of Man-in-the-Middle( MiTM) Attacks This Holiday Season,” Huffington Post, November 12, 2016, http:// www. huffingtonpost. com / michael-gregg / six-ways-you-could-become _ b _ 8545674. html
33
Frank J. Cilluffo,“ Emerging Cyber Threats to the United States,” United States House of Representatives testimony, February 26, 2016, http:// docs. house. gov / meetings / HM / HM08 / 20160225 / 104505 / HHRG-114-HM08-Wstate-CilluffoF-20160225. pdf
34
Tom Spring,“ Nation States Distance Themselves from APTs,” Threatpost, February 14, 2017, https:// threatpost. com / nation-states-distancing-themselves-from-apts / 123711 /
35
Limor Kessem,“ Organized Cybercrime’ s New Bull’ s-eye: Bankers,” SecurityIntelligence, April 8, 2016, https:// securityintelligence. com / organized-cybercrimes-new-bulls-eye-bankers /
36
“ FIN-2016-A005 Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime,” United States Department of the Treasury- Financial Crimes Enforcement Network, October 25, 2016, https:// www. fincen. gov / sites / default / files / advisory / 2016-10-25 / Cyber % 20Threats % 20Advisory % 20- % 20FINAL % 20508 _ 2. pdf
37
S. 754,“ Cybersecurity Information Sharing Act of 2015,” Congress. gov, October 27, 2015, https:// www. congress. gov / 114 / bills / s754 / BILLS-114s754es. pdf
38
Brad S. Karp,“ Federal Guidance on the Cybersecurity Information Sharing Act of 2015,” Harvard Law School Forum on Corporate Governance and Financial Regulation, March 3, 2015, https:// corpgov. law. harvard. edu / 2016 / 03 / 03 / federal-guidance-on-the-cybersecurity-information-sharing-act-of-2015 /
39
“ Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015,” United States Department of Homeland Security, United States Department of Justice, June 15, 2016, https:// www. us-cert. gov / sites / default / files / ais _ files / Non-Federal _ Entity _ Sharing _ Guidance _% 28Sec % 20105 % 28a % 29 % 29. pdf
40
Robyn Greene,“ Is CISA gift-wrapped for hackers and nation-state actors?,” TheHill. com, August 3, 2015, http:// thehill. com / blogs / pundits-blog / technology / 250070-is-cisa-gift-wrapped-for-hackers-and-nation-state-actors
41
Lee Tien,“ EFF Strongly Opposes CISA Cyber Surveillance Bill and CFAA Amendment,” October 22, 2015, Electronic Frontier Foundation, https:// www. eff. org / deeplinks / 2015 / 10 / eff-strongly-oppose-cisa-cyber-surveillance-bill-and-cfaa-amendment
42
Eliza Sweren-Becker,“ Congress Working in the Dark on Cybersecurity Bill,” ACLU. org, November 17, 2015, https:// www. aclu. org / blog / free-future / congress-working-dark-cybersecurity-bill
43
Dustin Volz,“‘ Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president,” Reuters, February 14, 2017, http:// www. reuters. com / article / us-microsoft-cyber-idUSKBN15T26V
22 ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS. ORG | ACAMSTODAY. ORG