Congress targets COVID cyber fraud
Pending bills would boost information sharing efforts, pay subsidies to affected states and individuals and move the Secret Service back to the Department of Treasury.
In addition to loss of life and economic costs, COVID-19 pandemic has also become a cottage industry for cyber-enabled fraud and other schemes.
According to FBI Deputy Assistant Director Tonya Ugoretz, the number of daily complaints to their Internet Crime Complaint Center has tripled and sometimes quadrupled over the past four months. Threat intelligence firms have tracked an explosion of coronavirus themed scams and a broader shift among cybercriminals towards leveraging the pandemic as bait in phishing and extortion schemes, particularly as the federal government and states have moved to disperse hundreds of billions of dollars in relief funds to individuals and businesses.
Lawmakers have put forward a number of bills designed to address cyber fraud, during and after the pandemic. The Internet Fraud Prevention Act would require the FBI, Federal Trade Commission and Federal Reserve to study and report on business email compromise (the FBI already issues public reports on the subject).
The COVID-19 Restitution Assistance Fund for Victims of Securities Violation Act would provide individuals up to $50,000 in restitution if they are victims of securities fraud related to the coronavirus.
Another draft bill, the Senior Investor Pandemic Fraud Protection Act would create a new grant program for states to protect seniors citizens and other vulnerable adults from COVID-related fraud.
At a June 16 House Financial Services hearing, VMWare Head of Cybersecurity Tom Kellerman urged the Senate to pass existing House legislation that would increase information sharing efforts between law enforcement, financial institutions and financial regulators.
Kellerman also suggested other legislative proposals, like pushing the Financial Stability Oversight Council to develop a framework for regulating digital currencies, modernizing money laundering and forfeiture regulations to include cryptocurrencies and digital payments and establishing tax credits for fintech companies that dedicate at least 10% of their IT budgets to cybersecurity.
"The cybercrime community has educated themselves as to the interdependencies that exist in the financial sector, and they've begun to commandeer these very interdependencies to manifest criminal conspiracies," Kellerman told the committee.
Another pending bill would move the U.S. Secret Service – which investigates financial crimes – back to the Department of Treasury. Rep. Denny Heck (D-Wash.), one of its cosponsors, said the government has not invested sufficient money or resources to tackle widespread financial fraud over the past decade and particularly at a time when hundreds of billions of federal relief dollars are flowing to businesses, states and individuals.
"Between the lasting damage done to the federal government's investigative capacity by the Budget Control Act – and it has been diminished -- and the loss of mission focus…resulting from moving the [Secret] Service to the Department of Homeland Security, I think the federal government remains pretty unprepared, by and large, to identify and investigate financial cybercrimes," said Heck.
Kelvin Coleman, Executive Director of the National Cybersecurity Alliance, said that both victims and threat actors are recognizing the value of partnerships. As FCW has reported, threat intelligence firms are increasingly finding evidence that ransomware actors and other hacking groups are working together to compromise a broader set of organizations while sharing in the profits. Coleman recommended "game changing investments" from Congress into cybersecurity awareness and education campaigns to counter those kinds of efforts.
"Bad actors are communicating, bad actors are coordinating, why shouldn't the good guys?" Coleman asked.