AI-based cybercrime is here. How to keep bad actors at bay

AI-based cybercrime is here. How to keep bad actors at bay

Artificial intelligence and deepfakes are fast replacing bank robbers’ shotguns and ski masks. As new AI technology emerges, sophisticated cybercrime syndicates are using it to launch attacks against financial institutions.

Cyberattacks are skyrocketing — damages are expected to cost $8 trillion this year, according to Cybersecurity Ventures. If measured as a country, that would make cybercrime the third-largest economy in the world.

That’s why the U.S. Secret Service is working with Mastercard and other organizations to share intelligence and crack down on scams such as phishing and malware that menace global financial and payment systems.

“Cyber is the ultimate team sport — we’re interested in working with whoever is willing to work with us,” says Matt O’Neill, the Secret Service’s deputy special agent in charge of cyber. O’Neill joined Ron Green, Mastercard’s chief security officer and chairman of the Secret Service’s Cyber Investigation Advisory Board, to discuss how companies are working with law enforcement to help combat cybercrime.

Here’s what they think about the fast-growing malware economy, why small businesses are vulnerable and why human emotions are the weakest link.

Cyber syndicates are continually testing new tactics. Which of them keeps you up at night?

Green: I’m most concerned about social engineering, such as hacks that involve sending an email that evokes an emotional response. When we think about hackers, we think of sophisticated attackers looking to slip through electronic defenses. But once someone clicks and enters their credentials, that could potentially give hackers access to a system.

O’Neill: I agree — the human element is the most likely factor for compromise. We’re increasingly seeing voice recognition used as a means of authentication, and that’s a potential risk area. In 2014, I worked a case where somebody impersonating a large organization’s CEO called accounting to ask them to transfer millions of dollars to China. With today’s technology, you can use samples to sound exactly like the individual. And if fraudsters use spoofed phone numbers, you probably wouldn’t know you weren’t talking to your boss.

But these attacks aren’t limited in purpose to direct theft or blackmail via ransomware. A growing trend is cybercriminals breaching company firewalls seeking nonpublic market information, such as upcoming financial disclosures or confidential details about a pending acquisition, to conduct insider trading, cheating the stock market through a digital form of insider trading.

How is the malware economy evolving as cybercrime syndicates become more sophisticated?

Green: We’re dealing with very organized crime. Now threat actors are creating malware that can reach out to generative AI systems to create new versions of itself. It’s mutating using AI, like a germ does, so antibiotics can’t prevent its offspring spreading.

What tactics does the Secret Service use to combat cybercriminals?

O’Neill: We focus on financially motivated, transnational organized criminal groups, and most of our targets are in countries without extradition agreements. We try to dismantle these groups and seize their ill-gotten gains. Since 2022 we’ve seized nearly $2 billion in criminal proceeds. We work with as many foreign law enforcement partners as we can and share real-time information.

Talk us through a time when the Secret Service worked with Mastercard to thwart a cyberattack.

O’Neill: In 2019, nation-state-affiliated actors targeted financial institutions to conduct global cash-out operations. They planned to access a bank’s payments server for ATM withdrawals and use teams of accomplices to take out money at a specific time. By using traditional law enforcement methods to gain information and then pass that to Mastercard and other card brands, we were able to thwart many attacks in real time. Besides saving millions of dollars, we made arrests that really put a halt to ATM attacks.

Green: Sharing information allowed us to limit the attack. That’s why we really need partnerships with them as it identifies trends and keeps us informed. If businesses are a herd of sheep, the U.S. Secret Service is the watchdog who can spot the predators coming.

As the costs of cybercrime are predicted to skyrocket, are banks and financial institutions doing enough to protect themselves?

Green: Bigger organizations are taking it seriously, but the attacks are cascading down to vulnerable small and midsize businesses, which typically do not collaborate actively with the Secret Service or have resources like Mastercard’s intelligence team that can leverage and analyze a wealth of information. That’s why we’re always looking at opportunities to help them protect themselves.