Common Cybersecurity Threats
This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
- Phishing – Social engineering or “phishing” attacks remain one of the most common cybersecurity threats firms have discussed with FINRA. Many firms experienced situations where employees provided information or took an action in response to phishing emails because the fraudsters successfully impersonated a person or entity the recipients trusted. FINRA recently published Information Notice 2-13-19 (FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms) to alert firms to a particular type of emerging phishing attack.
- Imposter Websites – As FINRA discussed in our Information Notice 4-29-19 (Imposter Websites Impacting Member Firms), some firms learned that fraudsters created imposter websites, or websites designed to mimic a firm’s actual website, to obtain customers’ confidential information and commit financial fraud.
- Malware – Firms continued to experience malware attacks that damaged or disabled computers, computer systems, access to data or the data itself, or networks. In many cases, firms remained unaware of the malware infection for an extended period. Firms reported that malware infections most often originated from phishing emails where a user clicked on a link or opened an attachment.
- Account Compromise or Takeover – FINRA observed an increase in attacks on firm employees’ or customers’ email accounts, where fraudsters used data breaches, malware or phishing attacks to obtain log-on credentials and execute unauthorized transactions in financial accounts, firm systems, bank accounts or credit cards.
- Fraudulent Wires – FINRA observed an increase in the number of fraudulent third-party wire requests and authorizations. Although most firms have verification procedures for such wire requests, there were a number of instances where firms either did not have sufficient safeguards in place to prevent unauthorized wires or registered representatives did not follow these procedures.
- Ransomware – Some firms were targets of ransomware attacks. These attacks typically prevented or limited users from accessing their system or data files by locking or encrypting them until a ransom is paid. Typically, ransom requests required that the firms make payments in Bitcoin or other digital currencies.
- Distributed Denial-of-Service (“DDoS”) Attacks – FINRA has observed that some firms experienced DDoS attacks, where perpetrators sought to make systems, servers or network resources unavailable to their intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. In some cases, attackers threatened that they would initiate a DDoS attack unless a firm paid a ransom.
- Vendor Breaches – Breaches at trading and back-office system vendors allowed fraudsters to obtain sensitive customer information.