London Summit: Inside a Cyber TakedownJason Tunn of the Met Police Reviews Operation SAMBRE
It's rare that any of us is offered an opportunity to hear a first-hand tale of a financial cybercrime takedown coordinated by law enforcement, from beginning to end, across various countries.
See Also: The 2020 Magic Quadrant for SIEM
But this week in London, at Information Security Media Group's Fraud & Breach Prevention Summit, attendees will be privy to just such a case.
"The SWIFT attacks have reminded the financial world of a lot of things, such as the need for stronger user and transactional authentication, as well as more threat intelligence and information sharing."
Keynote presenter, Jason Tunn, who serves as the lead anti-fraud and cybercrime investigator for the Metropolitan Police Service in London, works within the Met's FALCON Cyber Crime division - the go-to department for cybercrime investigations in the U.K. During his address, Tunn will walk us through a high-profile cybercrime investigation that started after two British hackers with links to Russia began launching phishing attacks against leading U.K. banks in an effort to spread malware for the purpose of compromising bank accounts and financial transactions.
The investigation, known as Operation SAMBRE, resulted in the October 2015 arrest of three individuals, two of whom are now serving jail time, for the roles they played in attacking banks in the U.K. and other parts of the world with the notorious banking Trojan known as Dridex.
Tunn's keynote will offer a rare opportunity to hear from law enforcement about a cybercrime investigation that is now completely open-book and on-the-record.
At the end of the day, Tunn, along with cybersecurity attorney John Salmon, a partner at London-based law firm Hogan Lovells International LLP; Paul Simmonds, CEO of the Global Identity Foundation; and Peter Yapp, deputy director of incident management at the newly formed National Cyber Security Centre, will sit on a panel to discuss how organizations can work best with law enforcement before, after and during a cyberattack.
Building on highlights from his keynote, Tunn and the other panelists will review breach notification and legislative changes that are likely to soon impact U.K. and European businesses in the near future. The panel also will discuss recent events that are helping enhance threat intelligence sharing and collaboration among government, law enforcement and the financial-services sector in the U.K. through the formation of the National Cyber Security Centre, better known as the NCSC.
That panel will be one of the day's must sees.
But I'm also eager to see the afternoon session hosted by Jennifer Arcuri, co-founder of Hacker House, a Manchester-based training ground for ethical hacking. In addition to training, Hacker House also provides penetration testing, helping organizations identify security gaps not-so-ethical hackers could likely exploit.
Arcuri's session, "You Just Got Pwned!" will walk through commonly used social-engineering tactics hackers employ to compromise credentials and take over systems. During this demonstration, Arcuri will share her own experience with credential compromise and phishing - she was hit with a well-crafted socially engineered scheme that alleged she had family ties to the Ku Klux Klan and which ultimately resulted in the fraudulent transfer of funds from her PayPal account.
Lessons from SWIFT and Threat-Intel Across Sectors
Payments security and updates about cross-industry sharing between financial services and retail also will be key discussion points. Jeremy King, international director of the PCI Security Standards Council, and Ralph Smith, coordinator of the Financial Services Information Sharing and Analysis Center's CAPS Cyber Attack Program in the U.K. and Ireland, will review how the evolving threat landscape is impacting financial services and payments across the board.
During a mid-morning session titled "Preparing for the Payments Revolution, from Contactless to Beyond," King will explore how the emergence of new payments instruments, such as mobile devices and wearables, are opening doors for contactless payments and all of the new risks associated with them. Later in the afternoon, King, Smith and Ben Lindgreen, who heads up security delivery for Payments UK, an independent trade association that supports the payments system in Britain, will discuss how the $81 million SWIFT transaction cyber heist from the Bank of Bangladesh earlier this year helped to catapult change in interbank transaction and payment security.
The SWIFT attacks have reminded the financial world of a lot of things, such as the need for stronger user and transactional authentication, as well as more threat intelligence and information sharing.
From the retail side of the house, we have Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center, a U.S.-based cooperative between the FS-ISAC and the retail industry, who will share some of the new ground the retail industry is covering in cybersecurity and threat intelligence. As the R-CISC expands into Europe, this will be a worthwhile session for any attendee interested in learning more about emerging threats attacking payments worldwide.
If you're in London, or nearby, I hope you'll make an effort to attend. Join me and my colleagues Mat Schwartz, executive editor of DataBreachToday and our lead editor for Europe, and Tom Field, vice president of editorial for ISMG, for a day packed full of great information. You can learn more about how to register for this once-a-year event by visiting the London summit registration page.