Nov 19, 2021
0 0

US regulators order banks to report cyberattacks within 3 days

Written by

US regulators order banks to report cyberattacks within 36 hours
Hackers deploy Linux malware, web skimmer on e-commerce servers
Six million Sky routers exposed to takeover attacks for 17 months
Microsoft: Windows Installer breaks apps after updates, repairs
Emotet botnet comeback hatched by ex-Ryuk member now part of Conti gang
New Windows 11 build fixes Microsoft Installer issue breaking apps
Fake TSA PreCheck sites scam US travelers with fake renewals
Microsoft Authenticator gets new enterprise security features
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
US regulators order banks to report cyberattacks within 3 days
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours.
Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability.
Bank service providers will also have to notify customers “as soon as possible” if a cyberattack has materially affected or will likely affect the customers for four or more hours.
Examples of incidents that need to be reported under the new rule include large-scale distributed denial of service attacks that disrupt customer account access to banking services or computer hacking incidents that takedown banking operations for extended periods of time.
“Computer-security incidents can result from destructive malware or malicious software (cyberattacks), as well as non-malicious failure of hardware and software, personnel errors, and other causes,” the Computer-Security Incident Notification Final Rule explains (PDF).
“Cyberattacks targeting the financial services industry have increased in frequency and severity in recent years. These cyberattacks can adversely affect banking organizations’ networks, data, and systems, and ultimately their ability to resume normal operations.”
Today, along with @USOCC and the @FederalReserve, we issued a final rule that will better position banking supervisors to understand and respond to cyber threats across the banking sector.

Read more
The final rule issued by the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) will take effect on April 1, 2022, with full compliance extended to May 1, 2022.
“The FDIC will provide supervised institutions logistics for FDIC notification in early 2022,” the Federal Deposit Insurance Corporation (FDIC) said on Thursday.
The new cyberattack reporting rule is designed to boost banking supervisors’ awareness of emerging threats to banking orgs and the broader US financial system. 
This, in turn, will allow the federal bank regulatory agencies to react to these increasing and accumulating threats before they will become systemic.
“The final rule seeks to allow the banking supervisors to be informed of the most significant cyberattacks in a timely fashion while avoiding unnecessarily difficult or time-consuming reporting obligations,” said FDIC Chairman Jelena McWilliams.
“The final rule therefore does not require an assessment of the incident to fulfill the notification requirement.”
This month, US lawmakers have also introduced new legislation (the Ransomware and Financial Stability Act) that aims to set ransomware attack response “rules of road” for US financial institutions.
If signed into law, this newly introduced bill will require US financial orgs impacted by ransomware attacks to notify the Director of the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) with details on the attack and associated ransom demands.
Groove ransomware calls on all extortion gangs to attack US interests
Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha
Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance
Microsoft: Iran-linked hackers target US defense tech companies
Fake TSA PreCheck sites scam US travelers with fake renewals
Not a member yet? Register Now
Winamp prepares a relaunch, new beta version almost ready
Russian ransomware gangs start collaborating with Chinese hackers
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.