Skip to Content

Mini Menu

Locate a credit union
Toggle Submenu
Find More Info

FFIEC Releases Two Statements on Compromised Credentials and Destructive Malware


3501 Fairfax Drive, Room B7081a, Arlington, VA 22226-3550 – (703) 516-5588 – FAX (703) 562-6446 – http://www.ffiec.gov

Press Release

March 30, 2015

 

For Immediate Release


FFIEC Releases Two Statements on Compromised Credentials and Destructive Malware
 

The Federal Financial Institutions Examination Council (FFIEC) today released two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software, known as malware. In addition, the FFIEC provided information on what institutions can do to prepare for and respond to these threats.

Cyber attacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems. Cyber criminals can use stolen credentials to commit fraud or identity theft, modify and disrupt information system, and obtain, destroy, or corrupt data. Also, cyber criminals often introduce malware to business systems through e-mail attachments, connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.

In accordance with FFIEC guidance, institutions should:

  • Securely configure systems and services;
  • Review, update, and test incident response and business continuity plans;
  • Conduct ongoing information security risk assessments;
  • Perform security monitoring, prevention, and risk mitigation;
  • Protect against unauthorized access;
  • Implement and test controls around critical systems regularly;
  • Enhance information security awareness and training programs; and
  • Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
The FFIEC also highlighted the following resources that provide practical information  for strengthening user awareness regarding safe online practices.
 

                                                                                   ###


The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System designated by the Chairman of the Board, the Chairman of the Federal Deposit Insurance Corporation, the Chairman of the Board of the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau, and the Chairman of the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.

Media Contacts
CFPB Sam Gilford (202) 435-7673
FDIC Greg Hernandez (202) 898-6984
FRB Susan Stawick (202) 452-2955
NCUA Ben Hardaway (703) 518-6333
OCC Stephanie Collins (202) 649-6870
SLC Catherine Woody (202) 728-5733

National Credit Union Administration

1775 Duke Street
Alexandria, VA - 22314
www.ncua.gov


Office of Public & Congressional Affairs

(703) 518-6330
pacamail@ncua.gov

"Protecting credit unions and the consumers who own them through effective regulation"

9/20/2018 6:00 PM