Financial Institution Letters
March 30, 2015
FFIEC Joint Statements on Destructive Malware and Compromised Credentials
The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements to alert financial institutions to specific risk mitigation techniques related to destructive malware and cyber attacks that compromise credentials.
Statement of Applicability to Institutions With Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised financial institutions.
- The joint statement on Cyber Attacks Compromising Credentials discusses the growing trend of cyber attacks designed to obtain online credentials for theft, fraud, or business disruption and recommends risk mitigation techniques. Financial institutions should address this threat by reviewing their risk management practices and controls related to information technology networks and authentication, authorization, fraud detection, and response management systems and processes.
- The joint statement on Destructive Malware discusses the increasing threat of cyber attacks involving destructive malware. Financial institutions and technology service providers should enhance their information security programs to ensure they are able to identify, mitigate, and respond to this type of attack. In addition, business continuity planning and testing activities should incorporate response and recovery capabilities and test resilience against cyber attacks involving destructive malware.
- Both statements reference applicable sections of the FFIEC Information Technology Examination Handbook.
- FDIC-Supervised Banks (Commercial and Savings)
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
- Joint Statement on Destructive Malware - PDF
- Joint Statement on Cyber Attacks Compromising Credentials - PDF
- Marlene Roberts, Senior Specialist Cybersecurity and Critical Infrastructure Protection, at firstname.lastname@example.org or 703-254-0465; or Donald Saxinger, Senior Examination Specialist, at email@example.com or (703) 254-0214
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2015/.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/index.html.
Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).