LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users. Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.
FINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.
This notification warns member firms of an ongoing phishing campaign that began on or around Oct. 9 that involves fraudulent emails purporting to be from FINRA executives, in some instances containing a PDF attachment. These emails are not from FINRA, and firms should delete them and consider blocking their domains.
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program highlights recent reports of a CrowdStrike service outage affecting Microsoft operating systems. FINRA continues to monitor the outage.
Summary: To assist members in their financial reporting obligations, FINRA is issuing this Notice to provide the due dates for Annual Report, Financial and Operational Combined Uniform Single (FOCUS), Form Custody, and supplemental FOCUS Report filings that are due in 2025 or the first quarter of 2026. FINRA reminds members that all such filings they submit to FINRA must be made electronically
A diversified portfolio tends to be harder to achieve than simply following the mantra to avoid putting all of your investment eggs in one basket. This basic strategy can help, but it is often not enough to avoid concentration risk—the risk of amplified losses that may occur from having a large portion of your holdings in a particular investment, asset class or market segment relative to your overall portfolio. Learn more about concentration risk and read tips on how to manage it.
The ninth annual Createathon, FINRA’s premier innovation event, took place over the course of three days in late September. Over 530 staffers participated, including 32 competing teams spanning 11 departments as well as volunteers, DeepRacer competitors, and a dance troupe, to name a few.
In observation of the Thanksgiving holiday, the FINRA/Exchange Trade Reporting Facilities (TRFs) will be closed on Thursday, November 28, 2024. Please be advised that the TRFs will close early on Friday, November 29, 2024. See the tables below for a schedule of modified hours. Thank you for your attention to this matter. Please contact FINRA Operations at (866) 776-0800 if you have any