The Federal Financial Institutions Examination Council issued a
Incidences of extortion from hackers are becoming more frequent and severe, noted the council. Common cyberattacks include ransomware, the process of encrypting a company's data and demanding money in exchange for the decryption key.
Some attackers have also sent denial-of-service threats to companies, often after conducting an initial display of DOS by flooding the company's servers and rendering its website inaccessible for users.
DOS strikes increased between April and June, according to cybersecurity company Akamai Technologies. Accompanying ransom emails often included demands for
Activist hackers have also stolen sensitive consumer or business data to blackmail financial institutions, said the FFIEC. All these attacks can inflict financial costs and inconveniences on companies, as well as threaten their reputation, the council noted.
The joint statement advised financial institutions to tighten up their information security processes with such measures as performing regular assessments -- including on third-party service providers -- ensuring that systems are securely configured, restricting the number of employees with security credentials, updating cybersecurity awareness programs and sharing best practices with other companies through forums.
