Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

Distributed Denial of Service (DDoS) Attacks

Summary:

The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), has issued the attached statement to notify institutions of the risks associated with the continued distributed denial of service (DDoS) attacks on public-facing Web sites and the steps institutions are expected to take to address the risks posed by such attacks.

Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.

Highlights:

  • DDoS attacks are continuing against financial institutions' public-facing Web sites.
  • Financial institutions that experience DDoS attacks may face a variety of risks, including operational and reputation risks.
  • DDoS attacks may be a diversionary tactic by criminals attempting to commit fraud.
  • Financial institutions are expected to address DDoS readiness as part of their ongoing business continuity and disaster recovery plans and to take certain specific steps, as appropriate, to detect and mitigate such attacks.
  • The attached statement includes references to guidance and publications to assist institutions in mitigating the risks from DDoS attacks.

Suggested Distribution:

  • FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:

  • Chief Executive Officer
  • Chief Information Security Officer

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

FIL-11-2014
Attachment(s)

Last Updated: April 2, 2014