Common Cybersecurity Threats

This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

  • Phishing – Social engineering or “phishing” attacks remain one of the most common cybersecurity threats firms have discussed with FINRA. Many firms experienced situations where employees provided information or took an action in response to phishing emails because the fraudsters successfully impersonated a person or entity the recipients trusted. FINRA recently published Information Notice 2-13-19 (FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms) to alert firms to a particular type of emerging phishing attack.
  • Imposter Websites – As FINRA discussed in our Information Notice 4-29-19 (Imposter Websites Impacting Member Firms) and Regulatory Notice 20-30 (Imposter Websites Impacting Registered Representatives), some firms learned that fraudsters created imposter websites, or websites designed to appear as a firm’s or registered representative’s actual website, to obtain customers’ confidential informationand commit financial fraud such as fraudulent cryptocurrency transactions.
  • Malware – Firms continued to experience malware attacks that damaged or disabled computers, computer systems, access to data or the data itself, or networks. In many cases, firms remained unaware of the malware infection for an extended period. Firms reported that malware infections most often originated from phishing emails where a user clicked on a link or opened an attachment.
  • Customer Account Takeover (ATO) – As FINRA discussed in our Regulatory Notice 21-18 (FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts), FINRA has received an increasing number of reports regarding customer account takeover (ATO) incidents, which involve bad actors using compromised customer information, such as login credentials (i.e., username and password), to gain unauthorized entry to customers’ online brokerage accounts.
  • Firm Account Compromise or Takeover – FINRA observed an increase in attacks on firm employees’ email accounts, where fraudsters used data breaches, malware or phishing attacks to obtain log-on credentials and execute unauthorized transactions in financial accounts, firm systems, bank accounts or credit cards.
  • Fraudulent Wires or ACH Transactions – As FINRA discussed in our Regulatory Notice 21-14 (FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse), FINRA observed an increase in the number of fraudulent third-party wire requests and authorizations. Although most firms have verification procedures for such wire requests, there were a number of instances where firms either did not have sufficient safeguards in place to prevent unauthorized wires or registered representatives did not follow these procedures.
  • Ransomware – Some firms were targets of ransomware attacks. These attacks typically prevented or limited users from accessing their system or data files by locking or encrypting them until a ransom is paid. Typically, ransom requests required that the firms make payments in Bitcoin or other digital currencies.
  • Distributed Denial-of-Service (“DDoS”) Attacks – FINRA has observed that some firms experienced DDoS attacks, where perpetrators sought to make systems, servers or network resources unavailable to their intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. In some cases, attackers threatened that they would initiate a DDoS attack unless a firm paid a ransom. ·
  • Vendor Breaches (“Supply Chain Issues”) – As FINRA discussed in our Regulatory Notice 21-29 (FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors), FINRA expects member firms to develop reasonably designed vendor management programs that are consistent with their risk profile, business model and scale of operations. Breaches at vendors supporting critical firm operations may allow fraudsters to obtain sensitive customer information or disrupt business operations.

Learn more about FINRA's Cybersecurity Policies and Practices