Regulators Urge Banks to Watch Out for Cyber Extortions

The Federal Financial Institutions Examination Council issued a joint statement Tuesday advising financial institutions to take steps to defend against cyber-ransom attacks.

Extortion from hackers is becoming more frequent and severe, the FFIEC said. Common cyber-attacks include ransomware, the process of encrypting a company's data and demanding money in exchange for the decryption key.

Some hackers have also sought to extort money by threatening denial-of-service attacks. Such threats are often made after the attacker has initially demonstrated the capability to conduct DOS attacks by flooding the company's servers and rendering its website inaccessible for users.

DOS strikes increased between April and June, according to cybersecurity company Akamai Technologies. Accompanying ransom emails often included demands for bitcoin payments.

Activist hackers have also stolen sensitive consumer or business data to blackmail financial institutions, said the FFIEC. These types of attacks can inflict financial costs and inconveniences on companies, as well as threaten their reputation, the FFIEC said.

The joint statement advised financial institutions to tighten up their information security with measures such as performing regular assessments, including on third-party service providers. The regulators also advised banks to restrict the number of employees with security credentials, update cybersecurity awareness programs and share best practices with other companies through forums

For reprint and licensing requests for this article, click here.
Law and regulation Credit unions Bank technology Cyber security Community banking
MORE FROM AMERICAN BANKER