Ahileos - Fotolia
The exercise, held at Europol’s headquarters in The Hague, Netherlands, was aimed at providing first-hand experience of such attacks to merchants and the financial institutions that process their credit or debit card payments.
EC3 believes that merchants and their banks need a better understanding of how attacks work and what steps to follow when they are hit by a cyber attack.
The exercise brought together representatives from law enforcement, the retail industry, banking sector, forensic investigation field, Dutch Electronic Crimes Task Force (ECTF) and Dutch Computer Emergency Response Team (Cert).
EC3 said participants learned what their particular role is and who can provide assistance and advice when a cyber attack occurs.
In particular, the simulation revealed how to deal with threats such as infiltration to the payment system or denial of service (DoS) attacks.
Participants were briefed by industry and law enforcement experts concerned with mitigating, investigating and assisting in the event of a cyber hack.
Cyber criminals are increasingly targeting European merchants, resulting in significant financial losses to the industry.
Rise of financial sector fraud
In March 2016, Yelena Vorobyova, vice-president and deputy head of operations at Russian bank VTB24, warned that failure to pay proper attention to cyber risks could lead to colossal losses for financial organisations and customers.
“Perpetrators of fraudulent transactions are gradually moving from analogue transactions, such as withdrawal of large amounts of money from ATMs with counterfeit cards, to the digital environment, executing immediate transactions between dozens of e-wallets,” she said.
“Over the past two to three years, fraudulent activity has been on the rise [in the financial sector]. The most serious fraud is stealing data from millions of plastic cards from the processing centres of retailers.”
EC3 said collaborative exercises are an efficient way to promote best practices in dealing with cyber attacks and familiarising the affected parties with all the actors involved at each step of the investigation.
Such exercises are also effective in creating a network of trusted contacts to share information about cyber threats and ideas about strengthening defences to eliminate these threats.
Such simulations also seek to iron out the inconsistencies to ensure that the e-commerce environment becomes more secure to discourage cyber criminals and prevent financial loss.
Understanding cyber attack response roles
Steven Wilson, head of EC3, said the exercise underlines the importance of co-operation between public and private entities in ensuring a safe environment for European merchants.
“Moreover, it allows each actor to fully understand their role in a potential common point of compromise cyber attack, and provides a plan and the necessary know-how for merchants to be able to immediately remediate any such hack in real life and protect the financial data of as many of their customers as possible,” he said.
Ron Green, chief security officer at MasterCard, said the simulated attack exercise is one way to ensure that by being better prepared to deal with all aspects of potential cyber security issues, merchants and acquirers can react quickly.
“Quick action can also help ensure that the law enforcement community can do their part in fighting cyber crime,” he said.
The retail-focused exercise follows a two-day workshop by European law enforcement agencies and computer security incident response teams in November 2016 to find ways of improving the sharing of information on cyber crime.
The workshop was hosted by EC3 in collaboration with the European cyber security agency Enisa. Steven Purser, head of Enisa’s core operations unit, said sharing information was key to improving approaches to cyber security across the European Union.
“However, the challenge is to link information to specific goals and to share the right information with the right people for the right purpose, and this workshop is a step in the right direction,” he said.
Read more about cyber crime
- The majority of businesses do not comprehend the methods and motivations of cyber attackers or fully understand the scale of the threat, a BT-KPMG report reveals.
- More than half of UK organisations say they expect to be the victim of cyber crime in the next two years, suggesting it will become the UK’s largest economic crime, says a PwC report.
- Co-operation with business in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers.