FSOC: Financial Regulators Warn of Ongoing Cyber Attacks

By | May 15, 2013

Posted in: Network Security Trends , Banking DDoS Protection

The federal government issued a strong warning to the financial services sector: Beware of cyber threats, according to the recently released 2012 Financial Stability Oversight Council (FSOC) report.

The FSOC report, which fulfills a Congressional mandate to describe "significant financial market and regulatory developments, analyze potential emerging threats, and make certain recommendations," found cyberattacks to be a significant "operational risk."

"During 2012, more than a dozen financial institutions were subject to sustained and persistent cyberattacks. These attacks disrupted online access to consumer websites, causing inconvenience and annoyance to customers, increased costs, and significantly elevated demand for mitigation service providers," said the report.

The headline-making DDoS attacks against the financial sector that began in mid-September of 2012 are being claimed by a group called the Izz ad-Din al-Qassam Cyber Fighters, and have resulted in intermittent downtime for a number of online banking sites.

While the group maintains that the attacks are being conducted in protest of a controversial YouTube video, others suspect that the operation may actually be a diversionary tactic to occupy the attention of security staff in order to facilitate fraudulent wire transfers by an unidentified criminal syndicate. The Office of the Comptroller of the Currency (OCC) issued an advisory in December to that effect, which reiterated earlier warnings from the Financial Services – Information Sharing and Analysis Center FS-ISAC, the FBI and IC3. Regardless of the alleged endgame, there are signs that the most recent attacks have grown even larger, culminating in a third phase which saw banks knocked offline for a record 249 hours during a six-week period earlier this year, according to reports.

The report recommends that organizations impacted by these attacks share information with both the federal government and other potential targets in an effort to minimize these events.

"The Council recommends that senior management at financial institutions remain engaged on these issues and commit to improve the flow of information both within individual firms and between firms, through appropriate channels. The Council recommends that government agencies enhance information sharing between the public and private sectors and work with the private sector to assess the effects of cyberattacks on business continuity and recovery. Financial regulators should continue to review and update their examination policies and guidance for information security in light of the evolving threat environment," said the report.

You May Also Be Interested In: