OPERATIONAL RISK

SolarWinds Cyberattack

The supply chain attack on the SolarWinds Orion Platform and the subsequent customer breaches are affecting every corner of the economy, including community banking. Here's what you need to know.

CEO ALERT

What community banks need to know

The supply chain attack on the SolarWinds Orion Platform, and the subsequent breaches of its customers, is a significant cybersecurity event that is affecting every corner of the public and private sectors, including community banking.

ICBA is closely monitoring developments and wants community bankers to have the latest information. Here's what we know:

Quick References

Dec 22, 2020 | NewsWatch Today Article

Supplemental guidance issued on SolarWinds attack

Dec 21, 2020 | NewsWatch Today Article

SolarWinds criminals narrow follow-up attacks: Microsoft

Dec 18, 2020 | NewsWatch Today Article

CISA follow-up call today on SolarWinds

Dec 17, 2020 | NewsWatch Today Article

SolarWinds: What community banks need to know

Financial institutions that have ever run the compromised SolarWinds Orion systems may provide feedback at OCCIP-Coord@treasury.gov or anonymously through FS-ISAC at sharingops@fsisac.com.

ICBA Members can also get the latest OCCIP updates here.

Key Resources for Your Bank’s Cybersecurity Program

The following links will lead you to cybersecurity assessment tools to help you better understand where your bank stands.

| Name | Source | Date |
| --- | --- | --- |
| CISA - Free Detection Tool for Azure/M365 Environment | CISA | 12/28/2020 |
| CIS - CIS Controls | CIS | 11/18/2020 |
| CSBS - Ransomware Mitigation Tool | CSBS | 11/18/2020 |
| #Protect2020 Rumor vs. Reality | CISA | 10/21/2020 |
| FBI Internet Crime Complaint Center (IC3) | FBI | 09/10/2020 |
| US-CERT Alerts | CISA | 09/10/2020 |
| Financial Services Information Sharing and Analysis Center | FS-ISAC | 09/10/2020 |
| Carnegie Endowment for International Peace: Cyber Resilience Capacity-building Tool Box | CEIP | 09/10/2020 |
| FDIC Cyber Challenge: A Community Bank Cyber Exercise | FDIC | 09/10/2020 |
| FBIIC Financial Sector Cyber Exercise Template | FBIIC | 09/10/2020 |
| FDIC Information Technology and Cybersecurity Banker Resource Center | FDIC | 09/10/2020 |
| FFIEC Cybersecurity Resource Guide | FFIEC | 09/10/2020 |
| FSSCC Automated Cybersecurity Assessment Tool v.2.1 | FSSCC | 09/10/2020 |
| NIST Cybersecurity Framework | NIST | 09/10/2020 |
| FFIEC Cybersecurity Assessment Tool | | 09/09/2020 |
| FFIEC IT Handbook | FFIEC | 09/09/2020 |
| CISA Cybersecurity Detection and Prevention | CISA | 09/09/2020 |
| CISA Cybersecurity Assessments | CISA | 09/09/2020 |
| CISA Cybersecurity Training and Exercises | CISA | 09/08/2020 |
| CISA - Cyber Resiliency Resources for Public Safety Fact Sheet | CISA | 09/06/2020 |

Vulnerabilities & Mitigation

Cybersecurity and data security vulnerabilities come in many forms. Use these resources to know what you are dealing with and how to stay one step ahead.

| Name | Source | Date |
| --- | --- | --- |
| North Korea: Cyber Tactics and Tools Targeting Global Financial Sector | DHS | 01/13/2021 |
| PIN - Egregor Ransomware | FBI | 01/07/2021 |
| Money Mule Initiative and Education | DOJ | 12/16/2020 |
| CISA Alert: Active Exploitation of SolarWinds Software | CISA | 12/13/2020 |
| CISA Emergency Directive on SolarWinds Orion Code Compromise | CISA | 12/13/2020 |
| PIN: Cyber Criminals Exploit Email Rule Vulnerability to Increase the Likelihood of Successful Business Email Compromise | FBI | 12/01/2020 |
| Scam Awareness Materials for Groups and Organizations | SSA | 11/02/2020 |
| Security Alert Pandemic Related Fraud Chargeback Scheme | Visa | 10/21/2020 |
| Advisory on Unemployment Insurance Fraud During COVID-19 | FINCEN | 10/13/2020 |
| Pandemic Response Portal | | 09/28/2020 |
| Unemployment Insurance Fraud Consumer Protection Guide | | 09/28/2020 |
| USSS SBA OIG Joint Alert - PPP EIDL Fraud - TLP Green | | 09/28/2020 |
| Cyber Fraud Task Force Bulletin - September 2020 | USSS | 09/25/2020 |
| Selecting and Safely Using Collaboration Services for Telework | NSA | 09/10/2020 |
| FBI Alert: Increased use of Mobile Apps Could Lead to Exploitation | FBI | 09/10/2020 |
| Compromised Managed Service Providers | USSS | 09/10/2020 |
| State UI ACH ID List | USSS | 09/10/2020 |
| U.S. Secret Service Cyber Fraud Task Force Map | USSS | 09/10/2020 |
| Contact U.S. Secret Service Cyber Fraud Task Forces | USSS | 09/10/2020 |
| USSS-DOL OIG UI Advisory | USSS | 09/10/2020 |
| FBI Sees Spike in Fraudulent Unemployment Insurance Claims Filed Using Stolen Identities | FBI | 09/10/2020 |
| FinCEN Advisory on Imposter Scams and Money Mule Schemes | FinCEN | 09/10/2020 |
| Contact U.S. Department of Labor Cyber Fraud Task Forces | DOL | 09/10/2020 |
| Cybersecurity: Ransomware Alert | OCIE | 09/10/2020 |
| OCCIP Cybersecurity Alert 1 - Ransomware | OCCIP | 09/10/2020 |
| Indicators Associated with Netwalker Ransomware | FBI | 09/10/2020 |
| Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage | CISA | 09/10/2020 |
| SBA Information Notice | SBA | 07/21/2020 |
| SBA Lender Alert EIDL | SBA | 07/14/2020 |