US banking group says unaware of any 'significant' cyberattack

Hackers target US banks
Hackers target US banks

An influential U.S. financial services industry group that shares information about cyberthreats has said it is unaware of any "significant" cyberattacks, downplaying concerns about possible breaches at JPMorgan Chase and other banks.

The group, known as the Financial Services Information Sharing and Analysis Center, or FS-ISAC, includes all major U.S. banks and dozens of smaller ones along with some large European financial institutions.

Read MoreJPMorgan andother banks struck by cyberattack

"There are no credible threats posed to the financial services sector at this time," the group said in an email to its members.

Peter Foley | Bloomberg | Getty Images

FS-ISAC told members in the email that it decided not to raise its barometer of threats facing banks during a regularly scheduled conference call on Thursday. During the call, members discussed threats facing the financial services sector, including reports of suspected cyberattacks on JPMorgan and other banks.

It added that it was "unaware of any significant cyberattacks causing unauthorized access to sensitive information at any member institutions."

JPMorgan had said early on Thursday that it was working with U.S. law enforcement authorities to investigate a possible cyberattack.

Read More

The bank provided little information about the suspected attack, declining to say whether it believed hackers had stolen any data or who might be responsible.

"Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels," it said in a statement.

The FBI had said late on Wednesday that it was looking into media reports on a spate of attacks on U.S. banks, raising concerns that the sector was under siege by sophisticated hackers.

JPMorgan confirms cyberintrusion
JPMorgan confirms cyberintrusion

Yet several cybersecurity experts said that they believe those concerns are overblown.

"Banks are getting attacked every single day. These comments from FS-ISAC and its members indicate that this is not a major new offensive," said Dave Kennedy, chief executive officer of TrustedSEC, whose clients include several large U.S. banks.

"While we should remain diligent and active in monitoring, it doesnt appear there is a major offensive," said Kennedy.

The email said that FS-ISAC was maintaining the threat level at "guarded," noting that financial services firms continue to face a variety of threats.

Read MoreDairy Queen likely data breach victim

It cited recent attacks on retailers using malicious software that targets point-of-sales systems, SMS phishing campaigns targeting bank customers and a recently disclosed attack on hospital operator Community Health Systems.

The group also warned members about the potential for cyber-related activity emerging from conflicts in the Middle East and Ukraine.

"They are basically saying that the attacks they are seeing are the standard patterns. That it is business as usual," said Daniel Clemens, chief executive of cybersecurity firm PacketNinjas.

Cyberattack vulnerability landscape is massive: Pro
Cyberattack vulnerability landscape is massive: Pro

Renewed concerns that banks might be victims of significant cyberattacks emerged after Bloomberg News reported on Wednesday that Russian hackers were believed to have recently stolen sensitive data from JPMorgan and another unnamed U.S. bank. The New York Times subsequently reported that JPMorgan and at least four other U.S. banks had been attacked.

The FBI and has said it would work with the Secret Service to investigate those reports.

One cybersecurity executive who frequently works with large banks said that he suspected the activity described by Bloomberg and the Times was likely run-of-the-mill attacks that financial institutions fend off on a regular basis.

"There are intrusions every single day. It would be news if banking institutions were not being attacked," said the executive, who is not authorized to publicly discuss the matter. "There have been no disruptive attacks that I am aware of."

By Reuters