U.S. authorities are calling on financial institutions to redouble their cybersecurity efforts in light of recent attacks targeting the banking industry’s messaging system, SWIFT.
Earlier this week, the U.S. Federal Financial Institutions Examination Council (FFIEC) issued an advisory calling on financial firms “to actively manage the risks associated with interbank messaging and wholesale payment networks.”
Recent cyber attacks have targeted those systems to carry out unauthorized transactions, demonstrating the capability to: compromise a financial institution’s wholesale payment origination environment; use valid operator credentials with the authority to create interbank messages; use highly customized malware to disable security logging and reporting; and transfer stolen funds across multiple jurisdictions quickly.
“Financial institutions should use multiple layers of security controls to establish several lines of defense,” the FFIEC statement says, adding that their processes should include addressing the risk posed by compromised credentials.
Financial institutions should review their risk management practices and controls, including authentication, authorization, fraud detection, and response management systems, the statement adds.
The statement does not contain new regulatory expectations, the FFIEC notes. “It is intended to alert financial institutions to specific risk mitigation techniques related to cyber attacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks.”
The FFIEC includes the Federal Reserve, the Federal Deposit Insurance Corp., the National Credit Union Administration, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the State Liaison Committee.