Cybercriminals will leverage AI as an attack vector and an attack surface

A jointly developed new report by Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro looking into current and predicted criminal uses of artificial intelligence (AI) has been released.  It provides law enforcers, policymakers and other organisations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.

The report concludes that cybercriminals will leverage AI both as an attack vector and an attack surface.  Deep fakes are currently the best-known use of AI as an attack vector.  However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.

For example, AI could be used to support:

  • convincing social engineering attacks at scale;
  • document-scraping malware to make attacks more efficient;
  • evasion of image recognition and voice biometrics;
  • ransomware attacks, through intelligent targeting and evasion;
  • data pollution, by identifying blind spots in detection rules.

The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.

The EAST Payments Task Force is focussed on payment issues related to social engineering, malware, ransomware and other cyber threats, and notes that this report is an important step forward in assessing the rapid evolution of cybercrime.

The three organisations make several recommendations to conclude the report:

  • harness the potential of AI technology as a crime-fighting tool to future-proof the cybersecurity industry and policing;
  • continue research to stimulate the development of defensive technology;
  • promote and develop secure AI design frameworks;
  • de-escalate politically loaded rhetoric on the use of AI for cybersecurity purposes;
  • leverage public-private partnerships and establish multidisciplinary expert groups.

For more information and to download the report visit Europol’s website

EPTF holds Seventh Meeting

EPTFThe Seventh Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 15th April 2020.  Due to the Covid-19 situation it was conducted as a virtual meeting and 16 EPTF members participated.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.

There was a detailed discussion on the impact of Covid-19 on fraud and updates were provided from Austria, France, Germany, the Netherlands, Norway, Portugal, Spain and the United Kingdom  Updates were also given by Europol, Group-IB and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 213 EAST Associate Member Organisations from 53 countries and territories.

EPTF holds Fifth Meeting

EPTF

The Fifth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 17th April 2019 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

EPTFPresentations or updates were given by BANCOMAT S.p.A, Diebold Nixdorf,  EURO Kartensysteme GmbHEuropol, EVRY Norge AS, Fiducia & GAD, Group-IB, ING, INTERPOL, JP Morgan Chase, Payment Services Austria, PLUSCARD Gmbh, and Trend Micro.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 210 EAST Associate Member Organisations from 53 countries and territories.

EPTF holds Fourth Meeting

EPTFThe Fourth Meeting of the EAST Payments Task Force (EPTF) took place on Thursday 22nd November 2018 at the Banking & Payments Federation Ireland (BPFI) in Dublin.

The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.  The EPTF has recently published Payment Fraud Terminology and Payment Fraud Definitions.  The aim is for the payment fraud terminology, and related payment fraud definitions, to be adopted globally when describing or reporting payment and transaction fraud.

The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and was attended by key representatives from Card Issuers, Law Enforcement, Payment Processors, Payment Providers and Solution Providers.

Presentations or updates were given by BANCOMAT S.p.A, BPFI, Diebold Nixdorf,  EURO Kartensysteme GmbHEuropol, INTERPOL, PayLife, PayPal, Trend Micro, Visa Europe.

The Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.  EAST National Members represent 35 countries and outputs from the group are presented to National Member Meetings.  There are 202 EAST Associate Member Organisations from 52 countries and territories.

ATM Malware Report issued by Europol and Trend Micro

ec3_logo_17Europol’s European Cybercrime Centre (EC3) and Trend Micro have announced the release of a new joint report, “ATM Malware on the Rise”, which offers a comprehensive overview of the ATM malware threat and the specific malware types in circulation.

With more than three million ATMs across the globe and the total number of cash withdrawals averaging around EUR 8.6 billion per year, ATMs are an attractive target for criminal attacks. Through the use of specially designed malware, attackers no longer need to use traditional safe cracking methods to empty an ATM’s money safe.

In this report, the first of its kind to offer such a comprehensive overview on the topic, Trend Micro and Europol highlight the increasing sophistication of cyber criminals in terms of how attacks are planned and orchestrated, using both new methods and techniques in conjunction with well-known attack vectors.

More information can be found on the Europol website.  To counter the ATM Malware threat Europol and the EAST Expert Group on ATM Fraud (EGAF) produced ‘Guidance & recommendations regarding logical attacks on ATMs’ in June 2015.  EAST EGAF continues to focus on the latest ATM malware and logical threats and what can be done to counter them.

This new and restricted report has been released to a closed audience consisting of law enforcement authorities, financial institutions and the IT security industry.  It has also been authorised for release to EAST Members (National and Associate).