FBI Director: Cyber Criminals Targeting Banks’ Third Parties

When asked about threats specifically targeting banks, Federal Bureau of Investigation Director Christopher Wray urged banks to be wary of “cyber criminals targeting the vulnerabilities in third-party services” as a way in to financial institution data, he said today at the ABA/ABA Financial Crimes Enforcement Conference. “The financial sector has the most robust cybersecurity of any industry,” he said, which is why cyber criminals try third party channels. Banks can also be affected by ransomware targeting third parties, a threat that Wray said “may be somewhat underestimated by a lot of people.”

FBI Director Christopher Wray speaks to the ABA/ABA Financial Crimes Enforcement Conference, Dec. 8, 2020.

Wray also urged banks’ financial crimes staff to deepen their partnership with the FBI and other law enforcement agencies, including building a working relationship with the FBI special agents working in their markets. “We now have private sector coordinators in every FBI field office. If you haven’t met that person in your city, you should make the connection,” he added. “Early notification to law enforcement can limit your losses and those of your customers. The FBI reviews every SAR we get.”

Meanwhile, as virtual currencies have become more mainstream—and have received growing support from banks and bank regulators—the FBI is seeing “predatory actors using virtual assets across all criminal platforms to launder illicit funds,” Wray said.

He added that “legitimate users of cryptocurrency markets and exchanges have now become tempting targets for both criminal and nation-state actors.” Stolen cryptocurrency assets can be attractive to criminals when enhanced by “cryptocurrency tumblers—that is, services that mix tracked and clean cryptocurrencies to hide transactions and hinder law enforcement’s ability to track open ledger currencies, like bitcoin.” Wray added that criminals are using virtual currencies to purchase botnets, launder illicit proceeds, evade sanctions and deepen anonymity.

“This kind of thing used to be limited to sophisticated adversaries,” Wray said. “But now, even relatively unsophisticated actors are using virtual currencies to cloak their activities.” In his remarks, he also discussed other trending fraud schemes, including coronavirus-related frauds (with 26,000 complaints reported to the FBI thus far), money mule scams, “e-skimming” that targets online shoppers’ payment data (which he said has grown by 20% during the pandemic) and synthetic identity fraud.