AML CHALLENGES
Join the call for stronger international agreements and alliances among governments and law enforcement agencies financial transaction as it occurs . 31 Other related cyberthreats include man-in-the-mobile , man-in-the-app , man-in-the-cloud and man-in-the-IoT attacks . 32
In conclusion , on the perplexing issue of cyberattacks by nationstate actors , responses may include the following :
• Research cyberattacks by nation-state actors and commercial and governmental responses to such cyberattacks . Online search terms like “ advanced persistent threats ” ( APTs ) may be helpful . APTs often cover large-scale cyberattacks incited by nation-states — such as China , Russia , Iran and North Korea 33 — or by hacking groups , companies or organizations that serve as their proxies . 34 APTs may also include cyberattacks that are directed at major institutions by foreign terrorists and criminal organizations . 35
• File timely suspicious activity reports ( SARs ), pursuant to the U . S . Department of the Treasury ’ s Financial Crimes Enforcement Network ’ s recently issued advisory to financial institutions on cyber-events and cyber-enabled crime . 36
• In addition to filing SARs , other public-private information sharing options may include those outlined by the Cybersecurity Information Sharing Act of 2015 ( CISA ), 37 a U . S . federal law designed to encourage public-private information sharing on cyberthreats . 38 Please note :
— CISA is not a substitute for other federal reporting , such as timely SAR filings . 39
— CISA submissions must be attentive to information privacy and cybersecurity concerns , given the possibility of a CISA data breach by cybercriminals , including nation-state actors and their proxies . 40
— CISA has been criticized by information privacy and civil liberties groups , like the Electronic Frontier Foundation ( EFF ) 41 and the American Civil Liberties Union ( ACLU ). 42
• Join the call for stronger international agreements and alliances among governments and law enforcement agencies , prompted by the recent wave of cyberattacks backed by nation-states . 43
31
Dauda Sule , “ Man in the Browser — A Threat to Online Banking ,” ISACA Journal , Volume 4 , 2016 , https :// www . isaca . org / Journal / archives / 2013 / Volume-4 / Documents / 13v4-Man-in-the-Browser . pdf
32
Michael Gregg , “ Six Ways You Could Become a Victim of Man-in-the-Middle ( MiTM ) Attacks This Holiday Season ,” Huffington Post , November 12 , 2016 , http :// www . huffingtonpost . com / michael-gregg / six-ways-you-could-become _ b _ 8545674 . html
33
Frank J . Cilluffo , “ Emerging Cyber Threats to the United States ,” United States House of Representatives testimony , February 26 , 2016 , http :// docs . house . gov / meetings / HM / HM08 / 20160225 / 104505 / HHRG-114-HM08-Wstate-CilluffoF-20160225 . pdf
34
Tom Spring , “ Nation States Distance Themselves from APTs ,” Threatpost , February 14 , 2017 , https :// threatpost . com / nation-states-distancing-themselves-from-apts / 123711 /
35
Limor Kessem , “ Organized Cybercrime ’ s New Bull ’ s-eye : Bankers ,” SecurityIntelligence , April 8 , 2016 , https :// securityintelligence . com / organized-cybercrimes-new-bulls-eye-bankers /
36
“ FIN-2016-A005 Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime ,” United States Department of the Treasury - Financial Crimes Enforcement Network , October 25 , 2016 , https :// www . fincen . gov / sites / default / files / advisory / 2016-10-25 / Cyber % 20Threats % 20Advisory % 20- % 20FINAL % 20508 _ 2 . pdf
37
S . 754 , “ Cybersecurity Information Sharing Act of 2015 ,” Congress . gov , October 27 , 2015 , https :// www . congress . gov / 114 / bills / s754 / BILLS-114s754es . pdf
38
Brad S . Karp , “ Federal Guidance on the Cybersecurity Information Sharing Act of 2015 ,” Harvard Law School Forum on Corporate Governance and Financial Regulation , March 3 , 2015 , https :// corpgov . law . harvard . edu / 2016 / 03 / 03 / federal-guidance-on-the-cybersecurity-information-sharing-act-of-2015 /
39
“ Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 ,” United States Department of Homeland Security , United States Department of Justice , June 15 , 2016 , https :// www . us-cert . gov / sites / default / files / ais _ files / Non-Federal _ Entity _ Sharing _ Guidance _% 28Sec % 20105 % 28a % 29 % 29 . pdf
40
Robyn Greene , “ Is CISA gift-wrapped for hackers and nation-state actors ?,” TheHill . com , August 3 , 2015 , http :// thehill . com / blogs / pundits-blog / technology / 250070-is-cisa-gift-wrapped-for-hackers-and-nation-state-actors
41
Lee Tien , “ EFF Strongly Opposes CISA Cyber Surveillance Bill and CFAA Amendment ,” October 22 , 2015 , Electronic Frontier Foundation , https :// www . eff . org / deeplinks / 2015 / 10 / eff-strongly-oppose-cisa-cyber-surveillance-bill-and-cfaa-amendment
42
Eliza Sweren-Becker , “ Congress Working in the Dark on Cybersecurity Bill ,” ACLU . org , November 17 , 2015 , https :// www . aclu . org / blog / free-future / congress-working-dark-cybersecurity-bill
43
Dustin Volz , “‘ Digital Geneva Convention ’ needed to deter nation-state hacking : Microsoft president ,” Reuters , February 14 , 2017 , http :// www . reuters . com / article / us-microsoft-cyber-idUSKBN15T26V
22 ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS . ORG | ACAMSTODAY . ORG