A new trend has emerged in the financial sector that has seen a rise in cyberattacks targeting smaller institutions as part of a greater effort by hackers to avoid detection, immediately profiting from these exploits while also establishing connections to potentially larger targets along the way. As recent history has demonstrated, cybercriminals generally tend to focus on larger, more lucrative firms and organizations given the sizable increase in revenue that can be garnered from these establishments as opposed to their smaller counterparts. For the most part, larger banks tend to invest heavily into cybersecurity systems and procedures and typically have far greater resources and capable personnel at their disposal than small banks. And while larger institutions are often forced to manage the risks that accompany their larger ecosystems (i.e. cyber-risk, vendor risks, etc.), the odds of hackers being able to infiltrate these institutions are still significantly smaller than if they were to target a less secure infrastructure (such as those seen in smaller banks). Regardless of the size of a respective entity however, the growing reliance on web-based applications and potent cyber-technologies engulfing the financial sector over the past decade has made a bank’s ability to ensure the financial security of its customers all the more paramount in the face of threats of increasing magnitude and scope.

These developments, coupled with the exponential increase in assets allocated to stopping financial crime altogether, have forced criminals to shift to non-formal avenues and entry points for infiltration via third parties to better facilitate their cyber-heists. Aiming their efforts at smaller or less-heralded companies also allows hackers to avoid the spotlight of the press and detection by more notable financial authorities, while keeping awareness of an entity’s deficiencies under the radar for longer periods. Additionally, with the high-degree of cooperation found between various financial services providers and financial technology (FinTech) companies today, even when cyberattacks are not specifically meant to target larger corporations (and instead hit their third party partners), there can still be a large degree of collateral damage to associated businesses. The damage done can have a far-reaching ripple effect that can even cross over into other industries. In a recent report published by the Wall Street Journal, esteemed writer Jenny Strasburg highlights this growing phenomenon in chronicling a similar scenario impacting a lesser-known company called Epiq Systems Inc. Unbeknownst to many in the financial space, Epiq plays a pivotal role in a range of high-stakes legal matters affecting this sector and a variety of other industries across the globe. Providing additional background, the WSJ adds that, “Epiq operates in a niche market, managing claims and electronic discovery for trials, legal settlements and regulatory investigations” while also helping “companies sort digital records for compliance and restructurings”, and helping “companies recovering from cyberattacks handle customer notifications.”³

Given their high-profile and lengthy list of clientele, Epiq became a prime target for cybercriminals aiming to employ ransomware to encrypt their entire fleet of company files in an effort to extort the company and potentially its noteworthy clients earlier this year. These efforts ultimately led to company executives calling for their systems to be pulled offline to protect their clients and contain the threat while working with law enforcement to identify the attacker(s). While there was ultimately no evidence of any unauthorized transfer or exfiltration of company data, the attack was a major scare for both Epiq and its customers. Unfortunately, this recent trend is growing in frequency and sophistication as criminal success rates have increased; with the damage done to the small and medium-sized businesses targeted also increasing dramatically. The costs associated with these ransom-heists have not been cheap either. Altogether, more than $1 billion in ransom money was paid to hackers in 2019 alone.³

Further complicating matters for businesses today has been the abrupt shift in operational responsibilities brought on by the COVID-19 pandemic. With many companies distracted by the spread of the disease, unprepared with cybersecurity protocols, and relatively disorganized, there are arguably more vulnerabilities in the cybersecurity veil’s of financial service providers today than at any time in the last 10 to 15 years – truly a staggering thought.

Weekly Roundup

U.S. Sanctions Mexican Company With Ties to Venezuelan Oil

Last Thursday, the United States Treasury’s Office of Foreign Assets Control (OFAC) moved to blacklist a total of three individuals and eight foreign companies after discovering that these entities attempted to evade current U.S. sanctions on Venezuela. With the severe economic constraints being placed on the South American country, unsettled Venezuelan President Nicolás Maduro has doubled down on his ties to Iran and allies in other countries to circumvent these sanctions in order to benefit from the re-sale of his country’s most precious resource: crude oil. The exposure of one of the numerous clandestine networks orchestrated by Maduro will undoubtedly help to limit his ability to profit from the proceeds of these illicit oil sales, though the greater efforts of the U.S. to ultimately unseat the corrupt leader have been unsuccessful to date.

Reuters notes that among the entities blacklisted were “Mexico-based Libre Abordo and related Schlager Business Group, as well as their co-owners, Olga Maria Zepeda and Veronica Esparza.”² The article adds that OFAC “also targeted Mexican Joaquin Leal Jimenez, accusing him of having worked with Alex Saab, recently arrested in Cape Verde, Libre Abordo and Schlager for brokering the resale of millions of barrels of Venezuelan crude.”² Libre Abordo has denied the legitimacy of these claims, noting that any relations the company has had with Venezuela have been for the provision of humanitarian aid which should not be subjected to sanctions. The company’s legal representation is set to evaluate the Treasury’s decision in the coming weeks. In the meantime however, the sanctions freeze any U.S. assets held by the named parties and prohibit American citizens/companies from engaging in business with them.

Payment24 Founder Pleads Guilty to Sanctions Violations

 Last month, Global RADAR chronicled charges issued by the United States Justice Department (DOJ) against two prominent executives of international fuel payment solutions provider Payment24 for carrying out financial transactions that violated current U.S. sanctions against Iran. On June 16^th, one of these individuals, company founder and former chief executive Seyed Sajjad Shahidian, pleaded guilty to one count of conspiracy to defraud and commit offenses against the United States. Payment24 was found to have assisted Iranian citizens in conducting prohibited financial transactions with businesses based in the United States that included the unlawful purchase and exportation of computer software, software licenses, and computer servers from United States companies between 2009-2018. The company also allegedly provided its clients advice on how to create financial accounts using fraudulent identities and other means of avoiding detection while also reportedly charging additional fees specifically for helping its customers circumvent American sanctions.

The DOJ notes that Shahidian ultimately “admitted to making misrepresentations to U.S. businesses about the destinations of the goods and opening hundreds of PayPal accounts using fraudulent passports and other false residency documentation” after withdrawing an initial “not guilty” plea issued upon his extradition to the U.S.⁴ His sentencing is scheduled for October 15^th, 2020.

Former ICBC Executives Sentenced in Laundering Case

Four former employees of the Spanish branch of China’s largest bank recently reached a plea deal that will see them face jail time and pay a hefty financial penalty in relation to a money laundering case dating back to the start of the decade. An investigation into the management of the Industrial and Commercial Bank of China’s (ICBC) European branches in 2017 found the Madrid-based branch in particular to have played a large-scale role in the alleged laundering of several hundreds of millions of euros for suspected Chinese criminal networks. The accepted prison sentences will range between three and five months in length, though “under Spanish law, a prison sentence of less than two years does not usually lead to serving any time behind bars unless there are previous criminal records.”¹ The accused individuals have also agreed to pay a fine of €22.7 million ($25.55 million USD) as part of their settlement agreement.

Citations

1. Aguado, Jesus, and Emma Pinedo. “Fines, Short Jail Terms for Four Ex-ICBC Spain Employees in Laundering Case.”Reuters, Thomson Reuters, 16 June 2020.
2. Psaledakis, Daphne and Parraga, Marianna. “U.S. Slaps Sanctions on Mexican Firms, Individuals Linked to Venezuelan Oil Trade.” Reuters, Thomson Reuters, 19 June 2020.
3. Strasburg, Jenny. “Hackers Trigger Far-Reaching Disruption by Targeting Low-Profile Firm.” The Wall Street Journal, Dow Jones & Company, 18 June 2020.
4. Sun, Mengqi. “Founder of Iranian Company Accused of Sanctions Violations Pleads Guilty.” The Wall Street Journal, Dow Jones & Company, 17 June 2020.