The Fed Suffers 50-plus Breaches in Four Years

June 14, 2016 | CCG Insights

Increasingly, familiar organizations and agencies fall prey to cybercriminals’ ever-evolving tactics. Recently, Reuters revealed numerous Fed attacks and breaches, and Comodo Threat Research Labs detected attempts to steal DHL customer credentials.

Reuters reported that Federal records show that the U.S. Federal Reserve discovered more than 50 cybersecurity breaches between 2011 and 2015, including several involving espionage.

The Fed’s cybersecurity squad listed 310 incident reports during the four-year period, with 140 classified as hacking attempts. Out of those episodes, the Fed identified 51 incidents of information disclosure, a broad category that includes both access by hackers and emails sent by Fed employees to the wrong recipient.

Four 2012 hacking incidents were described as espionage, according to the records. At least two of those incidents involved an information breach.

Eight information breaches taking place between 2011 and 2013 involving malicious code coincided with a massive federal buy-up of bonds.

The 140 hacking attempts represent only a fraction of all cyberattacks on the Fed. They include only Fed incidents subject to Freedom of Information Act requests and exclude the Fed’s 12 privately owned regional banks.

Security practices at central banks are under scrutiny internationally, after hackers stole $81 million from the Bangladesh central bank’s New York Fed account in February.

On Feb. 4, hackers used the SWIFT messaging system of Bangladesh’s central bank systems to submit 35 payment requests to the Federal Reserve Bank of New York, transferring $101 million to bogus accounts in the Philippines’ Rizal Commercial Banking Corporation and a Sri Lanka-based financial institution.

The New York Fed became suspicious and denied 30 of the requests, but not before the release of $81 million to a foreign exchange broker.

It is unclear if the espionage incidents reported by Reuters were the work of foreign governments. The massive breach of Office of Personnel Management records was widely attributed to state-sponsored espionage groups based in China.

Meanwhile, Clifton, N.J.-based Comodo Threat Research Labs detected cybercriminals trying to steal DHL customer credentials by compromising the domain of the South Africa Accreditation Authority, a government entity. This URL then redirects customers to the actual phishing website that is imitating the DHL site.

Specifically, in this latest campaign, a bogus email mimics a DHL shipment notification and tells the customer to fill in the required information in order to receive a parcel. However, the link provided in the email does not lead to an official DHL website; it leads to the compromised government domain, which then redirects to the phishing page disguised as a DHL site.
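The chain Comodo describes (a DHL-branded message linking to a compromised third-party domain that redirects to the lookalike site) is the kind of thing a mail-filtering or incident-response team checks for. The following script is an added example written for this article, not code from Comodo or DHL: it pulls URLs out of a message, follows the redirect chain, and flags any link whose final landing domain is not one the named brand is allowed to use. The sample email, the `REDIRECT_TABLE` that stands in for live HTTP redirects, the `.invalid` placeholder domains and the `BRAND_ALLOWLIST` are all constructed assumptions, not indicators from the article; the two-label "registrable domain" rule is a deliberate simplification of a public-suffix-list lookup.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the campaign described above. The domains are
# placeholders (.invalid), not real indicators from the article.
SAMPLE_EMAIL = """Dear customer,
Your DHL parcel is awaiting delivery. Please confirm your details here:
http://accreditation.example-gov.invalid/dhl/track?id=12345
Regards, DHL Express"""

# Assumption for the example: domains a DHL-branded message may legitimately link to.
BRAND_ALLOWLIST = {"dhl": {"dhl.com", "dhl.de"}}

# Constructed, offline stand-in for following HTTP 30x redirects: maps a URL to
# the Location header it would return. A real scanner would issue the requests
# itself (in a sandbox) and record each hop.
REDIRECT_TABLE = {
    "http://accreditation.example-gov.invalid/dhl/track?id=12345":
        "http://dhl-delivery-confirm.invalid/login",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(text)


def resolve_chain(url, redirects, max_hops=5):
    """Follow redirects (from the supplied table) and return the full hop list.
    Stops on a loop or after max_hops so a malicious chain cannot run forever."""
    chain = [url]
    seen = {url}
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        if nxt in seen:          # redirect loop
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain


def registrable_domain(url):
    """Simplified registrable domain: last two labels of the hostname.
    Production code should use a public-suffix-list library instead."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def detect_brands(text, allowlist=BRAND_ALLOWLIST):
    """Brands the message claims to be from, by keyword in the body."""
    lowered = text.lower()
    return [brand for brand in allowlist if brand in lowered]


def analyse(text, redirects=REDIRECT_TABLE, allowlist=BRAND_ALLOWLIST):
    """Flag links whose final landing domain is not allowed for the claimed brand."""
    findings = []
    for brand in detect_brands(text, allowlist):
        for url in extract_urls(text):
            chain = resolve_chain(url, redirects)
            final_domain = registrable_domain(chain[-1])
            if final_domain in allowlist[brand]:
                continue
            hops = len(chain) - 1
            findings.append({
                "brand": brand,
                "url": url,
                "final_url": chain[-1],
                "final_domain": final_domain,
                "hops": hops,
                "reason": ("brand link redirects through an unrelated domain"
                           if hops else "brand link lands on an unrelated domain"),
            })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding)
```

On the constructed sample the script reports one finding: the DHL-branded link resolves after one hop to `dhl-delivery-confirm.invalid`, which is not in the DHL allowlist. A message whose only link is `https://www.dhl.com/...` produces no findings. The useful design point is that the check runs on the landing domain, not the first URL; a compromised but otherwise reputable domain in the first hop is exactly what domain-reputation filters miss.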

It is a clear example of how the compromise of government assets turns into phishing attacks targeting citizens, Comodo Threat Research Labs said. It added that no organization or company is secure enough unless it takes the necessary measures. “Government assets are no exception.”

In light of recent cyberattacks, the Federal Financial Institutions Examination Council (FFIEC) issued an alert reminding financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks. The alert said, “Financial institutions should review their risk management practices and controls over information technology and wholesale payment systems networks, including authentication, authorization, fraud detection, and response management systems and processes.”