29 April 2020

COVID-19’s Other Virus: Targeting the Financial System

TIM MAURER, ARTHUR NELSON

“The COVID-19 pandemic provides criminal opportunities on a scale likely to dwarf anything seen before. The speed at which criminals are devising and executing their schemes is truly breathtaking,” officials from the U.S. Secret Service and the FBI warned on April 14, 2020.

A day later, the U.S. government specifically declared that North Korea’s “malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system.”

Alarm bells should go off in capitals around the world as governments free up vast amounts of money to tackle the economic crisis triggered by the coronavirus pandemic. The EU has dedicated €3.2 trillion, the U.S. Congress passed a $2 trillion stimulus package, and Japan is spending nearly $1 trillion.

Financial institutions are the distribution network to get funds to companies and citizens, but during the pandemic lockdown they are particularly vulnerable and present an even juicier target not just for North Korea but for cyber criminals in general.


Employees are now working remotely on less secure personal networks and devices. They represent a greater target surface—that is, the number of potential targets—for hackers to exploit and find entryways into sensitive systems. It is harder for defenders to prevent and respond to attacks because communication channels are harder to maintain virtually.

Arthur Nelson is a research analyst in Carnegie’s Cyber Policy Initiative.

Only two months ago, on February 5—which now seems like an eternity ago—Christine Lagarde, president of the European Central Bank (ECB), cautioned that cyber attacks could cause a financial crisis. A month later, on March 3 and in response to the new coronavirus, the ECB alerted banks to prepare for an “increase of cyber-attacks.”

The coronavirus has deeply shaken the global economy; any further disruption could bring it to its knees as central banks exhaust their toolbox to stem the pandemic’s impact. All the more reason for an international coalition to be forged. This is about countries rallying together to rescue the global economy.

North Korea is one of the most threatening actors targeting financial institutions. Over the past decade, North Korea has used cyber attacks to steal some $2 billion, more than three times the amount of money it was able to generate through counterfeit activity over the four decades prior.

Alarmingly, North Korea has not shied away from destructive attacks. For example, Adrian Nish and Saher Naumaan, threat intelligence analysts at British defense and security firm BAE Systems, point to an attack on a Chilean bank in 2018, where the hackers covered their tracks “by deploying wiper malware that destroyed several thousand systems on the bank’s network and left banking operations unavailable for several days.”

North Korea is only the tip of the spear.

Cyber criminals have built transnational networks trading malware, software vulnerabilities, and services to monetize stolen data. They are nimble, innovative, and can quickly adapt to exploit crises like a pandemic. That is why governments need to look beyond North Korea and forge an international coalition to develop a comprehensive international cybersecurity strategy for the financial system more broadly.

In March 2017, G20 finance ministers and central bank governors warned for the first time that the “malicious use of Information and Communication Technologies (ICT) could . . . undermine security and confidence and endanger financial stability.”

They tasked the Financial Stability Board, an international body established in the wake of the 2008 financial crisis to monitor financial stability, to take stock of existing cybersecurity regulations worldwide and to develop a cyber lexicon.

However, this important work of central banks and financial supervisors remains largely siloed off from equally important actions by law enforcement agencies to deter malicious actors and efforts by diplomats to strengthen international norms and cooperation. Finance policy used to be largely independent from national security policy.

Coordination among these communities is improving slowly, but COVID-19 highlights the need and urgency for a much more coherent response.

The international community needs a vision and a multi-year strategy to connect the fragmented lines of effort to strengthen cybersecurity in the global financial system. This includes bridging various pillars, namely those focused on increasing operational resilience, deterring malicious actors, and building capacity for both governments and financial industry.

This is clearly a concern shared by capitals worldwide. This common crisis is a unique opportunity to strengthen multilateral cooperation, despite the pandemic doing its best to tear at the international fabric. The West has been able to work with Russia, China, and others on these issues in the past, for example to counter North Korea’s counterfeit activity. The new coronavirus may make this possible again today.

To quote Albert Einstein, “in the midst of every crisis lies great opportunity.” In this case, one opportunity lies in forging an international coalition to protect the international financial system against cyber threats.

No comments: