U.S. federal financial regulators are warning about the threat of so-called distributed denial-of-service (DDoS) attacks.
The U.S. Office of the Comptroller of the Currency issued a bulletin Thursday warning financial institutions about the risks associated with continued DDoS attacks and the steps that institutions are expected to take to address these events.
It notes that DDoS attacks from politically motivated groups have been on the rise, and that these have increased in sophistication and intensity. These attacks can cause websites to slow down, prevent customers from accessing their institutions’ website, and adversely affect back-office operations. In other cases, DDoS attacks served as a diversionary tactic by criminals attempting to commit fraud.
The regulators note that they expect financial institutions to address DDoS readiness as part of their ongoing information security and incident response plans. To that end, financial institutions are expected to monitor incoming traffic to their public Web sites, activate response plans if they suspect that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including using third-party services, if necessary.
Additionally, the regulators report that cyber-attacks on financial institutions designed to gain access to, and alter the settings on, Web-based ATM control panels are on the rise too. Financial institutions are expected to take steps to address this threat by reviewing the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters, and fraud detection processes.