WASHINGTON (11/4/15)--Increasingly frequent and severe cyberattacks involving extortion sparked a warning to credit unions and other financial institutions from the Federal Financial Institutions Examination Council (FFIEC) Tuesday.
The statement does not contain any new regulatory requirements but is intended to alert financial institutions to specific risk mitigations for these threats.
“Cyber criminals and activists use a variety of tactics, such as ransomware, denial of service and theft of sensitive business and customer information to extort payment or other concessions from victims,” the warning statement reads.
“In some cases, these attacks have caused significant impacts on businesses’ access to data and ability to provide services. Other businesses have incurred serious damage through the release of sensitive information.”
Ransomware is a type of malware that encrypts data on a computer, making it difficult or impossible to recover. The attackers offer to provide decryption after a ransom is paid.
Denial of service attacks attempt to prevent legitimate users from accessing a service, generally by overwhelming the service with a flood of illegitimate requests. Attackers generally perform a small attack, then request payment to prevent additional, larger attacks.
Theft of business and consumer data involves hackers stealing data and then demanding payment or a particular action, under threat of publicly releasing the information.
Consistent with FFIEC member guidance, the organization recommends that financial institutions: