- Government organizations and financial institutions must take urgent action to combat a rise in malicious cyber activity threatening to disrupt the global economic system, according to a report from the Carnegie Endowment for International Peace along with the World Economic Forum.
- Fintech business development and the digital transformation of the banking industry is creating opportunities for criminal hackers and rogue states to attack vulnerable systems, according to the report. North Korea has stolen more than $2 billion from 38 countries in the past five years, according to the report.
- "It is critical for government and industry to better organize themselves," Tim Maurer, senior fellow and director of the Cyber Policy Initiative at the Carnegie Endowment, said in an email. "We need to break down the silos of different communities, because the malicious actors are clearly optimizing for success leveraging the Dark Web, and states relying on non-state actors to do their bidding or to buy their tools and services."
The report urges governments in the G7 and G20 to develop tighter controls that will protect the financial sector from emerging cyberthreats and create joint exercises with financial institutions and cloud-based service providers to test the resilience of the system against potential global cyber disruptions.
The group of more than 200 international stakeholders was, in part, responding to a surge in cyberthreat activity during the outbreak of COVID-19. The transition forced millions of people worldwide to relocate and use home-based computer systems that in many cases have been vulnerable to sophisticated attackers.
"Law enforcement agencies warned soon after the outbreak of the pandemic that they had witnessed a significant increase in fraud, with cybercriminals exploiting the pandemic and people working from home and relying on online services," Maurer said. "Hackers have also targeted the massive amount of money governments are pumping into society to stabilize the economy."
Criminal gangs developed more sophisticated versions of ransomware and other hacking tools, including penetration tools like Cobalt Strike and PowerShell Empire, according to the report. London-based Travelex, the global currency exchange, was hit by a ransomware attack on New Year's Eve 2019, which cost the firm up to $30 million and eventually contributed to a bankruptcy filing.
Key officials from the U.K., U.S., and other nations participated in the development of the report, with several speaking out on the threat during a virtual presentation.
Given the potential risks to the global financial systems, Bank of England Gov. Andrew Bailey said until this year he was more concerned about operational risks, and saw cyberthreats as a risk underlying that. Following 9/11, the concern was more about maintaining physical distance, while being able to closely tie operating environments together to allow for seamlessly switching after an attack. However, the advent of sophisticated cyberthreats require a new way of thinking, he said. "This is the quintessential risk that doesn't know borders."