The increasingly complex and ever shifting pattern of cyber threats demands a new and collective response. The sheer increase in cyber threats requires a paradigm shift in our thinking and approach to address the rapid changes in attack vectors and methods. We have to constantly evaluate our security posture to ensure we are agile, resilient, and prepared. This is truly a highly connected world and an unprecedented evolution in Internet global connectivity. With this highly connected world comes a dramatic increase in cyber crime, which demands thought leadership in defending and protecting our intellectual property, customers, citizens, businesses, and nations. Each of us, as responsible stakeholders, plays a role in the mission to fight cyber crime. We need a comprehensive and collaborative approach.
We rapidly build intelligence so that the threat can be:
1. Identified – who is involved and where they are located?
2. Mitigated – stop it from spreading.
3. Neutralized – defused through:
ü Seizing assets, funds, dismantling infrastructure, and making arrests
ü Proactive law enforcement engagement
ü Implementation of interim technology solutions
ü Shared tools and techniques
This combination enables our partners to protect their brand, reputation, shareholder value, economic losses, and customer confidence.
Our membership is constantly growing both domestically and globally across private industry, law enforcement, government, and academia. The NCFTA has a proven track record and is a model for centers like ours around the globe. We are focused on collaborating, cooperation, sharing, execution, and results.
What will the NCFTA provide for participants?
ü A physical forum to meet with NCFTA analysts, law enforcement, scholars, and peer firms
ü Dedicated staffing, including a program manager and analysts, specializing in each initiative
ü Focus Group meetings for each initiative
ü Intelligence feeds built and maintained by the NCFTA
ü Monthly initiative calls, to include updates on trends, law enforcement efforts, and gaps needing attention
ü Numerous contacts to help inform and encourage coordination within law enforcement agencies working elements of similar cases
ü Assessment reports based on NCFTA intelligence, including focused benchmarking and success metrics on each initiative
The CyFin Program is dedicated to cyber threats targeting the financial services industry. NCFTA has combined several ongoing and increasingly overlapping initiatives into one broader “umbrella” initiative named CyFin. This name was chosen to reflect the broader topic of “Financial Crimes over the Internet” and, in part, to reflect increased tendency of international organized cyber-criminals to rapidly “siphon” victim accounts via a variety of social engineering techniques as well as the use of malware and keystroke loggers.
In moving this initiative forward, refined information sharing and triage tools have been developed, and teams of dedicated analysts and investigators have been assigned to this endeavor. Partners in this effort include a growing list of financial services organizations, on-line merchants, anti-virus companies, payment/payroll processors, and telecommunications providers. Similarly, a growing team of federal and international law enforcement is regularly enlisted in support of this cause.
Brand & Consumer Protection Program: The utilization of the Internet for the sale of counterfeit merchandise is a serious problem for US manufacturers and customers. In order to aid in the mitigation of this problem, NCFTA has partnered with the National Intellectual Property Rights Coordination Center (NIPRC) to provide comprehensive and actionable intelligence on individuals/groups involved in the distribution of counterfeit merchandise. The initiative aims to work with industry members and law enforcement to identify pertinent targets affecting multiple organizations and provide mitigation for those members.
NCFTA utilizes cyber forensic tools and methodologies to provide intelligence on the actors and key infrastructure components, in support of criminal and/or civil investigations, regarding the sale of counterfeit merchandise. Additionally, NCFTA strives to engage additional industry partners in order to better facilitate communication between industry and law enforcement to aid in the goals of identification, neutralization, and mitigation.
The Malware & Botnet Program is dedicated to better understanding the technology and identifying individuals or groups who utilize malicious code to enable crimes. The NCFTA maintains a collection of data regarding malicious code incidents, the network architecture being utilized to execute the schemes, and the communication channels implemented in these architectures.
NCFTA technical teams analyze this data to -among other things- identify criminal hosting providers that allow malicious code to be distributed through their servers. The data is also correlated with other datasets in order to link malicious code incidents with other cyber crimes, such as brokerage fraud, economic espionage, phishing, and other types of credential theft. In doing so, the NCFTA seeks to identify trends or patterns within the data repository that will help to better detect such threats in the future and to assist in mitigation and neutralization efforts together with NCFTA partners.
To further advance this initiative, NCFTA analysts participate in a number of operational security communities and working groups that focus on cyber threats associated with malicious code. In doing so, NCFTA staff members continually seek to strike a delicate balance between monitoring for investigations and aggressive mitigation when appropriate, to protect partners and other US economic interests.
Understand the Threat
Share Information and Resources
Embedded Public and Private Partners
The NCFTA is a productive environment because we operate as one unit with our private and public sector partners. Our partners are located both on-site and off-site and come from private industry, law enforcement, academia, and government. They collaborate with our Research Analysts, Program Managers, and support staff to achieve our shared vision and mission.
It is a model that works; a model being replicated across the globe. In fact, we have partners in other countries looking to establish this model and they are working directly with NCFTA to learn best operational practices. Through this global collaboration, NCFTA is able to expand our intelligence and information-sharing capabilities to discover emerging trends worldwide.
One Team, One Goal.
Companies, Government, And Academia
Working Together To Neutralize Cyber Crime.
NCFTA JOINS TARGET’S CYBERSECURITY COALITION
The National Cyber-Forensics and Training Alliance (NCFTA) is pleased to join Target, the National Cyber Security Alliance (NCSA), and the Better Business Bureaus (BBB) to form a coalition to assist in educational awareness of cyber threat activity affecting all consumers.
When Target approached the NCFTA to be a part of this coalition, we were thrilled and honored. Target has a long standing history and distinction of trust and doing the right thing. Their approach to this adverse situation is not surprising, given their core values as a company and their commitment to communities. The NCFTA is very proud to work with such trustworthy national organizations like Target, the BBB and the NSCA towards a safer cyber future for everyone, consumers and businesses.
In today's highly connected digital world, it is more important than ever for people to be more vigilant in regards to their cyber hygiene. Education, knowledge and awareness to all of the schemes and techniques are critical to protect ourselves. None of us are immune – from a personal or business perspective – but all of us can take steps to educate ourselves against the threats. Cyber threats are constantly evolving and increasing complex.
Now, it is more important than ever to teach and spread the word to employees, friends, family, how to protect themselves from cyber criminals and threats. When Target considered NCFTA as part of this coalition, we were truly honored to work with the BBB and NSCA in this worthy effort.
Target’s Newsletter – “A Bullseye View”: http://www.abullseyeview.com/category/databreach//
National Cyber Security Alliance: http://staysafeonline.org/
Better Business Bureaus: http://www.bbb.org/council/
FOR IMMEDIATE RELEASE Contact: Fleishman-Hillard Alex Kepnes, 703-575-8900 [email protected] PENNSYLVANIA GOVERNOR TOM CORBETT, FBI, DEPARTMENT OF HOMELAND SECURITY, AND UNITED KINGDOM OFFICIALS TO ADDRESS GOVERNMENT AND INDUSTRY COLLABORATION ON FIGHTING CYBER THREATS Forum to Focus on Steps Industry and Government Must Take to Address Cyber Threats at National, State and Local Levels [...]
Individuals should be vigilant of emails concerning tax refunds. Fraudsters consistently send spam appearing to be from the IRS and financial institutions containing a link to a phishing website and/or malware typically during tax season in the US. Fraudsters then attempt to either socially engineer potential victims and/or infect their computers in order to gain [...]
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.