Cybersecurity Mitigation Resources

Name

Source

Date

Cyber Fraud Task Force Bulletin - September 2020

USSS

 

9/25/2020

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage 

CISA
8/12/2020

Indicators Associated with Netwalker Ransomware 

FBI
8/3/2020

OCCIP Cybersecurity Alert 1 - Ransomware

 OCCIP 7/23/2020

Cybersecurity: Ransomware Alert

 OCIE 7/10/2020

Contact FBI Cyber Fraud Task Forces

FBI
7/9/2020

Contact U.S. Department of Labor Cyber Fraud Task Forces

DOL
7/9/2020

U.S. Department of Labor Cyber Fraud Task Force Map

DOL
7/9/2020

FinCEN Advisory on Imposter Scams and Money Mule Schemes

 FinCEN 7/7/2020

FBI Sees Spike in Fraudulent Unemployment Insurance Claims Filed Using Stolen Identities

FBI
7/6/2020

USSS-DOL OIG UI Advisory

 USSS  7/6/2020

Contact U.S. Secret Service Cyber Fraud Task Forces

USSS
 7/6/2020

U.S. Secret Service Cyber Fraud Task Force Map

USSS 7/6/2020

State UI ACH ID List 

USSS
 7/6/2020

Compromised Managed Service Providers

USSS

6/12/2020

FBI Alert: Increased use of Mobile Apps Could Lead to Exploitation

FBI

6/10/2020

Selecting and Safely Using Collaboration Services for Telework

NSA

6/3/2020

Advisory on Medical Scams Related to the Coronavirus Disease 2019 (COVID-19)

 FinCEN  5/18/2020

Top 10 Routinely Exploited Vulnerabilities

US-CERT

5/12/2020

North Korean Malicious Cyber Activity Tracker

US-CERT

5/12/2020

CISA Insights: COVID-19 Disinformation Activity

DHS

5/11/2019

APT Groups Target Healthcare and Essential Services (Alert AA20-126A)

US-CERT

5/5/2020

Security in a Cloud Computing Environment

FFIEC

4/30/2020

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

US-CERT

4/16/2030

Defending Against COVID-19 Cyber Scams

US-CERT

4/15/2020

COVID-19 Exploited by Malicious Cyber Actors

US-CERT

4/8/2020

FBI Alert: COVID-19 Business Email Compromise

FBI

4/6/2020

CISA Insights: Risk management for Novel Coronavirus (COVID-19)

DHS

3/18/2020

Enterprise VPN Security

US-CERT

3/13/2020

Mitigating Cloud Vulnerabilities

NSA

1/22/2020

FDIC-OCC Joint Statement on Heightened Cybersecurity Risk

FDIC/OCC

1/16/2020

Critical Vulnerabilities in Microsoft Windows Operating Systems

US-CERT

1/14/2020

CISA Insights: Increased Geopolitical Tensions and Threats

DHS

1/6/2020

Potential for Iranian Cyber Resources to US Military Strike in Baghdad (Alert AA20-006A)

US-CERT

1/6/2020

Dridex Malware Alert

US-CERT

12/5/2019

FBI Alert: High-Impact Ransomware Attacks Threaten US Businesses and Organizations

FBI

10/2/2019

CISA Insights: Ransomware Outbreak

DHS

8/21/2019


Vulnerabilities & Mitigation

Cybersecurity and data security vulnerabilities come in many forms. Use these resources to know what you are dealing with and how to stay one step ahead.

Sheltered Harbor

Sheltered Harbor is the not-for-profit, industry-developed standard for protecting and recovering customer account data if a catastrophic event causes critical systems - including backups - to fail.

Its purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack.

The Sheltered Harbor standard combines secure data vaulting of critical customer account information and a resiliency plan to provide customers timely access to their data and funds in a worst-case scenario.

In many cases your core processor may provide a Sheltered Harbor solution.  Please read ICBA's Core Processor Guide.

How Does Sheltered Harbor Achieve Greater Protection for Community Bank Customers?

Industry Response — Resiliency standards established by the financial services industry ensure that consumers receive timely access to their accounts in the event that their bank or brokerage firm becomes inoperable due to a major cyber event.

Standard Data — All participating institutions make a daily copy of the consumer’s account data in a standard format, which enables the restoration of account by another institution or processor in the event of a major loss of operations.

Monitored Regularly — All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.

Secure Vault — Your customers’ account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed-exactly as when it was archived. Think of this as a fall-out shelter for customer data, with each institution providing its own data vault.

Sheltered Harbor in the News

Sheltered Harbor participation is currently open to U.S. banks, credit unions, broker-dealers, and service providers of all sizes. Joining entitles participants access to the standard, support content and experts to help with implementation, and the knowledge that the institution is being proactive in protecting its customer account data, its own business, and public confidence in the US financial system.

Join Sheltered Harbor

Does Your Bank Have a .Bank Domain?

.BANK is an evolution in relationship management, offering a trusted, verified, more secure, and easily identifiable location on the internet for your customers and your bank, regardless of size. .BANK provides a trustworthy stamp of approval for your online offerings.

Manage your .Bank domain or register one:

  • EnCirca Website:

    Formed in 2001, EnCirca is an ICANN-Accredited registrar and registry validation provider based in Boston.  EnCirca is the leading domain name registrar for .BANK domain names. EnCirca specializes in complex and custom registrar solutions for the domain name industry. Contact sales@encirca.com to request a consultation.

  • fTLD Website

What Makes .BANK Safer?


Through verification and mandatory security requirements the .BANK domain creates a safer space and acts as a visual security cue for bank employees or customers.

The .BANK at the end of an email address or website URL confirms that the email communication is authentic and that the website is owned by a bank and is a safe place to manage his or her finances. This simple visual cue enables security that employees and customers can recognize and participate in, ensuring the space remains safe for everyone.

.BANK domains have 6 critical security requirements beyond a standard .COM domain creating additional layers of protection to the consumer, plus verification, which when combined with email authentication, creates security that cannot be replicated in the .COM space. Consider the following difference between .COM and .BANK requirements:

Protect Your Customers