Should banks expect cyberattacks from Iran?
08 Jan 2020

Some security experts have warned that Iranian hackers may go after U.S. targets, including financial services companies, in retaliation for the U.S. government’s assassination of the Iranian military leader Qassem Soleimani.

Esmail Ghaani, Soleimani’s replacement as head of Iran’s army, said on Monday that “God the Almighty has promised to get his revenge” for the killing of Soleimani on Jan. 3, The Associated Press reported, and that actions would “certainly” be taken.

The Financial Services Information Sharing and Analysis Center, which gathers cyberattack reports from thousands of U.S. banks, said that it is “closely monitoring recent geopolitical developments on behalf of our members. We have advised our members to remain vigilant as we continue to actively monitor the situation.”

Joe Krull, senior analyst at Aite Group, said he sees danger for U.S. banks.

“What greater revenge from a symbolic point of view but to go after American money?” he said.

Iranian hackers are good at cyberattacks, and by targeting financial institutions, “they can claim victory, but it doesn’t necessarily warrant a military response, so they can do it and get away with it as opposed to blowing up an American embassy,” he said. “If I were a chief information security officer for a bank or a financial services company, I would be updating my run books for incident response.”

Al Pascual, co-founder and chief operating officer of Breach Clarity, said financial services executives would be right to be concerned.

“Iran has promised to deliver ‘hard revenge’ on America, but there is no appetite for direct confrontation with the U.S., so physical strikes against our assets will be off the table while President Trump is in office,” said Pascual, who until recently headed cybersecurity research at Javelin Strategy & Research.

Attacks on U.S. interests, including Middle Eastern allies, and cyberattacks on critical infrastructure are real possibilities, he said.

“And of all of our infrastructure, an assault on our financial system would conceivably be viewed as the least likely to draw a conventional response while still sending a message to an administration that has made the performance of the economy a proof point of its success,” Pascual said.

However, commercial banks themselves are less inviting targets than other financial targets because they have strengthened their security after the attacks of the last decade.

“Instead, I would imagine that U.S. organizations that are critical to facilitating financial transactions, like consumer or commercial payments and trading activity, will be at the top of Iran’s hit list,” he said.

Ilia Kolochenko, founder and CEO of the web security company ImmuniWeb, does not expect an immediate threat to U.S. banks, but for a different reason: Iranian hackers, he said, have already broken into all the U.S. companies they consider targets.

“I think in the near future we will not observe major cyberattacks triggered by the military operation in question,” said Kolochenko, a former penetration tester and information-technology security expert at several financial institutions.

“Enemies of the U.S. have already silently breached what they could, stealing valuable information including intelligence data, intellectual property and trade secrets,” he said. “The majority of sophisticated … threats have already happened. Regrettably, their complexity often makes them undetectable and uninvestigable. Today the attackers are unlikely to expose their invisible presence in compromised and back-doored systems by inflicting highly destructive actions.”

Kelly King, the chairman and CEO of Truist Financial, on Tuesday seemed to allude to the Middle Eastern situation in discussing broader conditions affecting banks, though he did not name Iran or single out cybersecurity concerns.

Just two weeks ago, the world was in what he described as “a relatively stable state of unrest.” Now, “it is hard to predict where things will go,” the head of the company formed from the merger of BB&T and SunTrust Banks said in remarks to a business gathering in Durham, N.C. “You can only hope and pray things will not escalate.”

Iranian hackers have a history of going after U.S. banks

In 2011 and 2012, the Izz ad-Din al-Qassam Cyber Fighters launched dozens of distributed-denial-of-service attacks against U.S. banks. (In a DDoS attack, hackers flood a web server with fake or malicious traffic in an attempt to slow down or completely shut down that server.)

The hackers said they were outraged by an anti-Islamic film called “Innocence of Muslims” that had been posted to YouTube. However, forensic evidence suggested their motive was retaliation for U.S. malware attacks against Iranian nuclear facilities in 2010.

Banks responded by investing in content delivery networks that weed out suspicious web traffic and block bad actors.

In January of this year, the U.S. government warned that Iranian hackers were infiltrating banks, government agencies and energy companies and gaining intelligence about U.S. infrastructure for future attacks.

The government is “aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” said Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

At that time, the hackers were deploying “wiper” attacks. A wiper is a class of malware designed to wipe the hard drive of the computer it infects. It often enters a company through common tactics like spearphishing, password spraying and credential stuffing. Krebs advised shoring up basic defenses by using multifactor authentication and taking other security precautions.

By Penny Crosman, American Banker, 7 January 2020


Photo: khamenei.ir [CC BY 4.0]
