The Federal Financial Institutions Examination Council (FFIEC) released statements on ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software.
According to the FFIEC, “Cyber attacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems. Cyber criminals can use stolen credentials to commit fraud or identity theft, modify and disrupt information system, and obtain, destroy, or corrupt data. Also, cyber criminals often introduce malware to business systems through e-mail attachments, connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.”
Guidance for this can be found at the FFIEC website or clicking here.0