Putting the Lid on Cybercrime

One of our key themes at Sibos 2014 in Boston was the work that Microsoft does to fight cybercrime.

Cybercrime costs businesses billions of dollars every year, and financial service institutions are at an especially high risk. Malware and Trojans deployed to consumer devices and corporate workstations alike put the identities of individuals at risk and make the theft of funds a real problem. At a personal level, identity theft is a harrowing experience, and at the corporate level, the idea that malware might be used to fraudulently initiate multimillion-dollar funds transfers keeps treasurers and heads of information security up at night. It seems every week there is news of new hacks at major banks, but the reality is that every major bank in the world receives multiple hack attempts on a daily basis.

Microsoft takes a very front-footed stance on this, starting historically with the Trustworthy Computing (TWC) initiative established by Bill Gates back in 2002. TWC was founded in response to malware that was dramatically and negatively impacting the internet. This initiative reinforced Microsoft’s “security by design” approach in our software development activities. Since 2009, Microsoft has led efforts to disrupt the world’s largest and most notorious malware. We’ve partnered with a diverse range of private and public sector participants to disrupt these major drivers of global cybercrime. Fast-forward to Sibos 2014, where we will introduce you to Microsoft’s Digital Crimes Unit, or DCU, the team behind the scenes of these efforts within Microsoft. This is an international team composed of more than 90 attorneys, investigators, forensic analysts and business professionals, based in 30 different countries, working to transform the fight against cybercrime. This group plays offense against global criminal organizations seeking to profit from cybercrimes. The DCU proactively works with law enforcement agencies around the world, such as INTERPOL, the FBI and EUROPOL, to identify, shut down and bring to justice cybercrime perpetrators – in whatever country they hide.

But how do we do this? We think of it as the ultimate big data project. The DCU uses Microsoft’s BI technology, including Power BI for Office 365, SQL Server and the Azure cloud platform to identify and track malware attached to infected IP addresses – and then to trace the origins of the malware to the source.

At Sibos this year we were especially excited to announce a continuation of our front-footed approach to cybercrime with a bilateral sharing agreement. At Sibos, the DCU team announced a partnership with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to make available our Cyber Threat Intelligence Program (C-TIP) feed to its member companies. Why is this important? Because every time the DCU team disrupts malware, there are thousands if not millions of IP addresses affected, and some of those may belong to a financial institution and can be compromised in other ways. As this pilot initiative expands, member banks will be able to see if any of their IP addresses have been infected and take immediate action. This provides additional security and peace of mind.

We can’t do this alone – and we invite all major financial institutions to join us to fight the good fight.