EAST Development Director Rui Carvalho will represent EAST at Europol’s Advisory Group on Financial Services, an advisory group to the Programme Board of the European Cybercrime Centre (EC3). In the context of the cross-border fight against cybercrime the purpose of the advisory group is to:
- bring knowledge and expertise to the Programme Board on the impact of cybercrime on financial services and on how this sector and law enforcement can cooperate in the prevention and combating of cybercrime;
- update and share all relevant information and expertise on developments in the area of cybercrime that affect financial services;
- assist the Programme Board in defining priorities for the work of EC3 in this area, including by advising on the cooperation with the financial services and on developing concepts for enhanced prevention;
- advise the Programme Board on increasing the sharing/exchange of information between law enforcement and financial services.
EAST has worked closely with Europol since 2004 and in 2015 Europol and EAST signed a Memorandum of Understanding to further strengthen the partnership.
EAST Executive Director Lachlan Gunn said: “I am delighted that EAST can support Europol in the Advisory Group on Financial Services, a further development of our strategic partnership. Since 2015, and in addition to the normal operation of our National Member and Expert Group meetings, EAST has supported Europol at five strategic payment card fraud meetings in Asia, most recently in May in Vietnam, and also at similar meetings in The Hague and in Colombia. We have also presented at three Europol Trainings on Payment Card Fraud Forensics, most recently in June at the Spanish National Police Academy.”
The 42nd Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 7th June 2017. National country crime updates were provided by 26 countries, and a global update by HSBC.
EAST Fraud Update 2-2017 will be produced later this month, based on the updates provided at the meeting. EAST Fraud Updates are available on the EAST Website to EAST Members.
The 42nd EAST Meeting was the final meeting of EAST as the ‘European ATM Security Team’. As announced by EAST Executive Director Lachlan Gunn, at the EAST FCS Forum on 8th June 2017, EAST has now changed to become the ‘European Association for Secure Transactions’.
The European Cybercrime Centre, EC3, at Europol is working closely with affected countries cybercrime units and key industry partners to mitigate the threat of cyber attack and assist victims. The recent Wannacry ransomware attack is at an unprecedented level and will require a complex international investigation to identify the culprits. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation.
For further information on Ransomware, how to protect your data, devices, what to do when infected with ransomware and access to unlocking tools please visit https://www.nomoreransom.org/, a free online resource developed by Europol, Dutch Police and industry partners.
At the EAST Financial Crime & Security Forum (EAST FCS 2017) that will be held in The Hague next month, Group-IB, an organisation that specialises in preventing and investigating high-tech crimes and online fraud, will present on global developments in ATM related theft – tactics, techniques and procedures – alongside new trends in attacks on card processing and payment systems.
The 39th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol in the Hague on 8th June 2016. National country crime updates were provided by 23 countries, and a global update by HSBC. Europol attended the meeting as an observer and gave an update on successful operations that followed the Second Strategic Meeting on Payment Card Fraud.
EAST Fraud Update 2-2016 will be produced in July, based on the updates provided at the meeting. EAST Fraud Updates are also available on the EAST Website to EAST Members (National &Associate), and to individual subscribers.
Europol’s European Cybercrime Centre (EC3) and Trend Micro have announced the release of a new joint report, “ATM Malware on the Rise”, which offers a comprehensive overview of the ATM malware threat and the specific malware types in circulation.
With more than three million ATMs across the globe and the total number of cash withdrawals averaging around EUR 8.6 billion per year, ATMs are an attractive target for criminal attacks. Through the use of specially designed malware, attackers no longer need to use traditional safe cracking methods to empty an ATM’s money safe.
In this report, the first of its kind to offer such a comprehensive overview on the topic, Trend Micro and Europol highlight the increasing sophistication of cyber criminals in terms of how attacks are planned and orchestrated, using both new methods and techniques in conjunction with well-known attack vectors.
More information can be found on the Europol website. To counter the ATM Malware threat Europol and the EAST Expert Group on ATM Fraud (EGAF) produced ‘Guidance & recommendations regarding logical attacks on ATMs’ in June 2015. EAST EGAF continues to focus on the latest ATM malware and logical threats and what can be done to counter them.
This new and restricted report has been released to a closed audience consisting of law enforcement authorities, financial institutions and the IT security industry. It has also been authorised for release to EAST Members (National and Associate).
Lachlan Gunn, EAST Executive Director, and Otto de Jong, Chair of the EAST Expert Group on ATM Fraud (EGAF), attended the Europol-Interpol Cybercrime Conference held at the European Cybercrime Centre (EC3) in The Hague.
Presentations on cybercrime threats were given by Europol (introducing the IOCTA 2015), Interpol, the Internet Security Industry and the Financial Sector. The tackling of ATM Malware was covered during this section. EAST has supported Europol with the production of ‘Guidance & recommendations regarding logical attacks on ATMs’.
Law Enforcement representatives from several countries highlighted exiting capabilities to fight cybercrime and an overview of international cooperation frameworks was given by various experts and then discussed by a panel.
Other topics included Cyber Security, fighting the abuse of Virtual Currencies and Cybercrime Evolution in Africa.
Today Europol announced the publication of its 2015 Internet Organised Crime Threat Assessment (IOCTA) at the Europol – Interpol Cybercrime Conference at the European Cybercrime Centre (EC3) in The Hague. The tackling of ATM Malware is shown as a priority under Payment Fraud on page 15 of the document. EAST has supported Europol with the production of ‘Guidance & recommendations regarding logical attacks on ATMs’.
The IOCTA is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plan for 2016 in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). It also seeks to inform decision-makers at strategic, policy and tactical levels on how to fight cybercrime more effectively and to better protect online
It is a forward-looking assessment presenting analyses of future risks and emerging threats, providing recommendations to align and strengthen the joint efforts of EU law enforcement and its partners in preventing and fighting cybercrime
For more information and to download a copy of the IOCTA visit Europol’s website.
The 36th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol in the Hague on 10th June 2015. National updates were provided by 21 countries, and a global update by HSBC. Europol attended the meeting as an observer and a presentation was given by Oberthur Cash Protection on ink staining technology and French regulation and tests.
During the meeting a Memorandum of Understanding (MoU) was signed between Europol and EAST in order to further strengthen the cooperation in combating all types of payment crime.
EAST Fraud Update 2-2015 will be produced in July, based on the updates provided at the meeting. EAST Fraud Updates are also available on the EAST Website to EAST Members (National &Associate), and to individual subscribers.
Today, Europol’s European Cybercrime Centre (EC3) signed a Memorandum of Understanding (MoU) with EAST in order to further strengthen the cooperation in combating all types of payment crime, including card-not-present fraud, card present fraud, hi-technology crime, as well as ATM malware and physical attacks. The MoU allows Europol and EAST to exchange strategic data and other non-operational information.
The MoU was signed during the 36th EAST Meeting of National Members at Europol’s Headquarters in the Hague in the presence of all those attending. EAST holds three such meetings annually and the June meeting each year is hosted by Europol at EC3.
Europol’s Deputy Director of Operations, Wil van Gemert, said: “Europol’s EC3 is pleased to further increase the cooperation with EAST, creating further capacity to combat the threats of payment crime. We look forward to a continued engagement and cooperation with EAST and its stakeholders combating new payment industry threats”
“Europol attended our inaugural meeting in February 2004 and we have been working closely together since then,” said Lachlan Gunn, EAST Executive Director. “The signing of this agreement further strengthens this relationship. Over the past 11 years ATM related payment card fraud has been the major fraud issue faced by many of our National Members, but logical and malware attacks are now recognised as an increasing threat. Our National Members represent 31 countries, with a total of 655,398 ATMs, and our working relationship with the European Cybercrime Centre is of great strategic importance to both the public and private sector.”
Europol recognises the severity of the threat presented by ATM logical and malware attacks and has prepared guidelines regarding this threat to ATMs. The production of this document has been coordinated by the EAST Expert Group on ATM Fraud (EGAF), and is a first of its kind. “The Guidance and recommendations regarding logical attacks on ATMs” which covers also ATM malware attacks, will be officially released tomorrow at the 2nd EAST Financial Crime & Security (FCS) Forum on 11-12 June 2015, at which Europol will be delivering a keynote presentation. It is also a great example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly than was the case with the card skimming threat when it first materialised.
The first ATM malware incidents were reported in Western Europe in 2014. According to EAST statistics, these were ‘cash out’ or ‘jackpotting’ attacks,. In 2014 51 such incidents were reported, with significant related losses. The release of this document will be restricted to Law Enforcement and the payment/banking industry only.