(Adds banking industry group unaware of significant cyber attack, comments from security experts)
By Jim Finkle
BOSTON, Aug 28 (Reuters) - An influential U.S. financial services industry group that shares information about cyber threats has said it is unaware of any “significant” cyber attacks, downplaying concerns about possible breaches at JPMorgan Chase & Co and other banks.
The group, known as the Financial Services Information Sharing and Analysis Center, or FS-ISAC, includes all major U.S. banks and dozens of smaller ones along with some large European financial institutions.
“There are no credible threats posed to the financial services sector at this time,” the group said in an email to its members.
FS-ISAC told members in the email that it decided not to raise its barometer of threats facing banks during a regularly scheduled conference call on Thursday. During the call, members discussed threats facing the financial services sector, including reports of suspected cyber attacks on JPMorgan and other banks.
It added that it was “unaware of any significant cyber-attacks causing unauthorized access to sensitive information at any member institutions.”
JPMorgan had said early on Thursday that it was working with U.S. law enforcement authorities to investigate a possible cyber attack.
The bank provided little information about the suspected attack, declining to say whether it believed hackers had stolen any data or who might be responsible.
“Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels,” it said in a statement.
The FBI had said late on Wednesday that it was looking into media reports on a spate of attacks on U.S. banks, raising concerns that the sector was under siege by sophisticated hackers.
Yet several cyber security experts said that they believe those concerns are overblown.
“Banks are getting attacked every single day. These comments from FS-ISAC and its members indicate that this is not a major new offensive,” said Dave Kennedy, chief executive officer of TrustedSEC LLC, whose clients include several large U.S. banks.
“While we should remain diligent and active in monitoring, it doesn’t appear there is a major offensive,” said Kennedy.
The email said that FS-ISAC was maintaining the threat level at “guarded,” noting that financial services firms continue to face a variety of threats.
It cited recent attacks on retailers using malicious software that targets point-of-sales systems, SMS phishing campaigns targeting bank customers and a recently disclosed attack on hospital operator Community Health Systems Inc .
The group also warned members about the potential for cyber-related activity emerging from conflicts in the Middle East and Ukraine.
“They are basically saying that the attacks they are seeing are the standard patterns. That it is business as usual,” said Daniel Clemens, chief executive of cyber security firm PacketNinjas.
Renewed concerns that banks might be victims of significant cyber attacks emerged after Bloomberg News reported on Wednesday that Russian hackers were believed to have recently stolen sensitive data from JPMorgan and another unnamed U.S. bank. The New York Times subsequently reported that JPMorgan and at least four other U.S. banks had been attacked.
The FBI and has said it would work with the Secret Service to investigate those reports.
One cyber security executive who frequently works with large banks said that he suspected the activity described by Bloomberg and the Times was likely run-of-the-mill attacks that financial institutions fend off on a regular basis.
“There are intrusions every single day. It would be news if banking institutions were not being attacked,” said the executive, who is not authorized to publicly discuss the matter. “There have been no disruptive attacks that I am aware of.” (Reporting by Jim Finkle in Boston and David Henry in New York; Additional reporting by Mark Hosenball and Doina Chiacu in Washington; Editing by David Gregorio, Jeremy Laurence, Jeffrey Benkoe and Lisa Shumaker)