Microsoft partners with financial services industry to fight cyber crime

Microsoft is to feed real-time cyber threat intelligence to the global financial services industry to help fight cyber crime

Microsoft is to share cyber threat intelligence with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to help fight cyber crime.

FS-IS is a member-owned, non-profit organisation set up by members as the global financial industry's resource for cyber and physical threat intelligence analysis and sharing.

Microsoft has worked with FS-ISAC before to tackle cyber crime by disrupting its infrastructure.

Under the new collaboration agreement, Microsoft will provide FS-ISAC members with visibility into malware infections on banking networks.

This agreement is the latest example of Microsoft proactively partnering with customers, industry leaders and global law enforcement to counter cyber threats.

Criminals have moved into cyber space to target banks, businesses and customers to steal millions of dollars without ever cracking a safe, said Richard Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit.

He said Microsoft has seen this firsthand from its work with the FBI, FS-ISAC and other partners to disrupt the Citadel botnet, which cyber criminals deployed to infect thousands of computers to steal banking information and identities from unwitting victims.

“More recently, we worked with law enforcement in the United Kingdom to disrupt the Caphaw botnet [also known as Shylock], which targeted banks in Europe,” Boscovich wrote in blog post.

The most critical component of Microsoft’s efforts to thwart cyber criminals online is deep partnerships with law enforcement and industry partners, including FS-ISAC, he said.

Under the new collaboration pilot programme, Microsoft will give FS-ISAC members near real-time information on known malware infections affecting more than 67 million unique IP address.

The programme is aimed at enabling FS-ISAC members to identify infected computers on their networks quickly and remove malware.

The threat intelligence will be provided using an automated, confidential and secure feed distributed via the cloud with Microsoft Azure.

“This collaboration will provide valuable intelligence into the global threat landscape affecting the financial services industry, including distributed denial of service attacks and financial botnet attacks,” said Boscovich.

“Together, we’ll be able to better protect FS-ISAC’s members and Microsoft customers from cyber-threat,” he said.

At the RSA Conference 2014 in March, Microsoft and FS-ISAC defended their actions to disrupt criminal botnets.

Opponents argue that collateral damage is too high and researchers say it limits their opportunity to study botnets in action.

But Microsoft and FS-ISAC said the goal is always to protect the ecosystem and people whose computers have become infected with botnet malware.

They said they measured the success of the Citadel campaign by the fact that FS-ISAC members reported between 86% and 98% reduction in fraud following the takedown of the botnet. 

In June, the UK finance industry launched a cyber security framework for sharing detailed threat intelligence, testing cyber security and benchmarking financial service providers.

The CBEST framework was developed by the Council of Registered Ethical Security Testers (Crest) and cyber intelligence company Digital Shadows in collaboration with the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority (FCA).

The framework was the first of its kind to be led by any of the world’s central banks.

Launching the framework at the Bankers Association in London, Andrew Gracie, executive director of resolution at the Bank of England, emphasised the importance of CBEST to help UK financial services organisations protect against increasingly sophisticated cyber attacks on their core systems.

Cyber attacks targeting financial firms

Concerns about the vulnerability of financial institutions and markets were further fueled in August 2014 when the FBI said it was investigating a series of co-ordinated cyber attacks at JP Morgan Chase and at least four other financial institutions.

Also, in August a report from business consultancy KPMG said cyber attacks or disruption could cause the next systemic shock to the UK banking industry, rather than a liquidity crunch.

It said that, while the banking industry has addressed many of the problems that led to the financial crisis in 2008, cyber attacks or very large systems outages represented threats yet to be addressed.

In September 2014, the UK government and financial services organisations made further moves to shore up cyber defences

The British Bankers' Association (BBA) commissioned BAE Systems Applied Intelligence to create a system that will give banks early warning of cyber threats.

The Financial Crime Alerts Service (FCAS) system is aimed at enabling 12 government and law enforcement agencies, including the National Crime Agency (NCA), to make banks aware of potential threats as early as possible.

The move coincided with a warning by a US financial services regulator that a cyber attack on the US finance system could be the computer equivalent of the 9/11 attacks in 2001.

Benjamin Lawsky, superintendent of the New York State Department of Financial Services, said he was worried about a major cyber attack on the US finance system.

"We like to say that, to some extent, the failures to detect the 9/11 plot were a failure of imagination and communication

"I'm worried about the same thing here – that an event will happen and we'll look back and say: 'How did we not do more?”

Lawsky told a Bloomberg event in New York that he thought it only a matter of time before such an attack happens.

Read more on Hackers and cybercrime prevention