The Federal Financial Institutions Examinations Council (FFIEC) has issued a rare warning to banks on destructive new malware tools that are being used by attackers to compromise data and render critical systems inoperable.

In a separate alert, the interagency council that develops standards for federal oversight of financial institutions also warned of targeted cyberattacks seeking to steal the online login credentials used by bank employees to access critical systems and data.

Targeted Attacks

It’s unclear whether the alerts were prompted by any specific incidents or were driven by broader concerns about targeted attacks against banks and other financial services institutions. Last year’s cyberattack on JPMorgan Chase, which exposed the data of an estimated 83 million banking customers, has spawned considerable worries about sophisticated malware tools being used to breach financial services networks.

One example of such tools is the Dyre banking Trojan, which first started circulating last June and has since been used in attacks against Citigroup, Chase, the Royal Bank of Scotland and Bank of America. IBM recently identified a variant of the tool being used in a campaign dubbed “Dyre Wolf,” which has already resulted in more than $1 million being siphoned out of corporate bank accounts.

Variety of Risks From Malware

The FFIEC’s alert on malware tools does not name any specific threats but noted that financial institutions faced a variety of risks from them, including financial loss, operational disruption, fraud and reputational damage.

The alert highlighted the targeted social engineering tactics being used by attackers to infect banking systems and noted how malicious software could be introduced via rogue attachments in phishing emails, through watering hole attacks or by connecting external devices such as USB drives to systems containing sensitive data.

“Once introduced, destructive malware may be further distributed through compromised enterprise system management technologies,” the alert said.

The FFIEC urged financial institutions to include cyberattacks in the list of eventualities for which they must prepare when developing business continuity and disaster recovery plans. Data recovery strategies should address the potential for corrupted data to be replicated on backup systems as the result of simultaneous attacks on backup centers, it cautioned.

Risk Mitigation

The FFIEC alert provides a checklist of items for mitigating malware-borne threats, but it stressed that none of them represent new regulatory requirements for banks. The recommendations include measures such as network segmentation, air gapping, hard backups, data encryption, access controls, continuous monitoring and ongoing risk assessments.

In keeping with the recent emphasis on threat information sharing, the FFIEC also urged banking institutions to cooperate with each other to identify, respond to and mitigate targeted security threats.

Credential Theft

Meanwhile, the council’s separate alert on credential theft warned banks to be on the lookout for phishing, malvertising, watering hole and Web-based attacks that are designed to steal usernames and passwords to critical customer and employee accounts. Stolen credentials are widely stored in underground forums and provide attackers with a way to take over accounts and commit identity theft.

Credential theft presents two distinct risks. Stolen customer data allows attackers to access their online banking accounts and steal money from them, while stolen employee data provides access to critical internal systems.

“System credentials may be targeted directly through vulnerabilities in authentication systems or indirectly by compromising the credentials of trusted third parties,” the FFIEC said.

Many of the recommendations the FFIEC had for mitigating the risk of credential theft were the same as its recommendations for protecting against malware threats. However, banks should also review their access and permissions to critical systems on a regular basis, restrict the number of people with privileged access, implement strong password management policies and regularly patch systems.

More from

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…