Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

NY Fed Reveals Implications of Cyberattack on US Financial System

A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.



A cyberattack compromising the integrity of US financial systems could lead to an "unprecedented" reconciliation and recuperation process, bank analysts predict in new research published this week from the Federal Reserve Bank of New York.

As part of a "pre-mortem analysis," Thomas Eisenback, Anna Kovner, and Michael Junho Lee analyzed the potential consequences if a cyberattack harmed banks' ability to send payments between one another. They estimate the impairment of any of the five most active US banks could lead to "significant spillovers" to other banks and affect 38% of the network on average. These top banks account for close to half of total payments, the top 10 for more than 60%.

"A cyber attack on any of the most active U.S. banks that impairs any of those banks' ability to send payments would likely be amplified to affect the liquidity of many other banks in the system," the analysts write. If banks respond strategically — which is likely, if there is uncertainty surrounding the incident — the extent of amplification would be even greater, they explain.

To arrive at these findings, the analysts considered how an attack on multiple banks may interfere with payment activity in the Fedwire Funds Service, which represents the majority of wholesale payments between financial institutions in the US. They chose to analyze Fedwire given how high-value payment systems could appeal to an attacker who is eager to cause widespread economic damage.

Read more details here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How to Keep Security on Life Support After Software End-of-Life."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark Reading,  1/15/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3595
PUBLISHED: 2020-01-22
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVE-2011-3610
PUBLISHED: 2020-01-22
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
CVE-2019-18583
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18584
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18585
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.