Despite years of debate, lawmakers are still grappling with key questions over how to set enhanced data security and notification standards to prevent cyber attacks, including whether they should preempt state laws.
May 14 -
Bank regulators are likely to take further action to force banks to upgrade their cybersecurity processes as hackers continue to find ways to penetrate institutions' defenses, Benjamin Lawsky, the former top New York bank supervisor, said Tuesday.
July 28 -
DD4BC, a group that threatens to knock out corporate websites unless it is paid off in bitcoins, has expanded its denial-of-service attacks on banks.
September 23
The Federal Financial Institutions Examination Council issued a
Extortion from hackers is becoming more frequent and severe, the FFIEC said. Common cyber-attacks include ransomware, the process of encrypting a company's data and demanding money in exchange for the decryption key.
Some hackers have also sought to extort money by threatening denial-of-service attacks. Such threats are often made after the attacker has initially demonstrated the capability to conduct DOS attacks by flooding the company's servers and rendering its website inaccessible for users.
DOS strikes increased between April and June, according to cybersecurity company Akamai Technologies. Accompanying ransom emails often included demands for
Activist hackers have also stolen sensitive consumer or business data to blackmail financial institutions, said the FFIEC. These types of attacks can inflict financial costs and inconveniences on companies, as well as threaten their reputation, the FFIEC said.
The joint statement advised financial institutions to tighten up their information security with measures such as performing regular assessments, including on third-party service providers. The regulators also advised banks to restrict the number of employees with security credentials, update cybersecurity awareness programs and share best practices with other companies through forums