The warning was issued jointly by the FBI and FS-ISAC, and it bluntly told banks their employees were now the target of cyber criminals. But that doesn't surprise many bank security pros.
Recent FBI reporting indicates a new trend in which cyber criminal actors are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials.
That triggered plenty of worries among bankers. But maybe for no good reason.
As frightening as that statement may be, at least some security experts shrug in perplexity about its issuance. "I don't know why the FBI put out that warning," said Pierluigi Stella, CTO at Network Box USA, which claims a number of banking customers for its security services.
"Banks are the primary targets for criminal hackers. Period. They have been, they will be," said Stella, and that of course is because they are where the money is.
The FBI warning, said Stella, suggests something important has changed -- that is, there once wasn't a problem and now there is. "But that's not so. The reality is that there are threats every day and there have been threats every day," said Stella.
Question: Did the FBI cry wolf, over nothing much, or are the attacks on bank employees notably more skillful and vigorous than they have been?
The FBI has offered no elaboration on its warning. Banks are not talking on the record about this. But at least some third-party experts are and the sense is that Stella is on the money.
While the specter of organized criminals putting malware on a bank employee's computer and using that beachhead to sneak into vulnerable systems is indeed worth losing sleep over, there appears to be nothing new about the threat. It's a real threat, it is terrifying, but it is old news.