US banks prepare for Iranian cyberattacks as retaliation for sanctions

Posted: Nov 10, 2018 12:29 PM
Updated: Nov 10, 2018 12:29 PM

As the United States reinstated economic sanctions on Iran on Monday, American banks were gearing up for retaliatory Iranian cyberattacks.

Bank executives believe Iranian hackers could attempt to disrupt financial services, perhaps as they did between 2011 and 2013 -- with denial-of-service attacks that interrupted bank websites and other internet financial services.

Last week, CNN got rare access to a major American bank's highly guarded cybersecurity defense center in New York, where monitor screens listed "Iranian hackers" as the top "trending threat" at the moment. (North Korea ranked closely behind.) The bank's top cybersecurity executive said his team is bracing for a reprisal, because Iran "might lash out" as a result of the reimposed sanctions.

The bank requested not to be identified, citing a concern that Iran would single it out and direct hackers to attack the institution. The industry as a whole is already on guard, the bank said.

United States Cyber Command, the hacking force within the Department of Defense, said it is working along with other government efforts to counter "malicious cyber activity."

"Iran, while more limited (than some other countries) in the sophistication of their cyber capabilities, (has) demonstrated a greater willingness to conduct destructive cyberattacks that are well beyond the norms of state behavior in peacetime," Lt. Col. Audricia Harris told CNN in an email.

Companies in the private sector may experience attacks first. Two former federal government officials and several cybersecurity experts confirmed to CNN that major American banks are concerned about Iranian retaliation, though the banks themselves declined to comment.

This week, the Trump administration reimposed all the economic penalties that the Obama administration lifted as part of the 2015 Iranian nuclear deal. The reinstated sanctions added almost 700 targets to the US sanctions list, including 50 Iranian financial institutions, making it harder for these targets to engage in business worldwide. The Iranian government has made public statements about its intention to defy US sanctions.

An industry of private security contractors has grown up to protect major banks and other companies from hackers. They have recently warned their clients to heighten their defenses.

"Banks are taking a hard look at Iranian threat actors right now. We've advised all of our clients in the critical infrastructure space to consider the historic hostile actions of Iranian actors given this new development," said John Hultquist, director of research at FireEye, a cybersecurity firm that provides services to major banks.

The banking industry's privately run group that coordinates defenses against cyberattacks -- the Financial Services Information Sharing and Analysis Center -- told CNN it has not seen Iran prepare to attack yet.

"There's no evidence I've seen that the threat is imminent," FS-ISAC CEO Bill Nelson told CNN on Wednesday. "But we were able to effectively defend and respond in 2012. We're certainly better off than we were then."

According to public accusations made two years ago by the Department of Justice, Iran launched massive cyberattacks against the US banking sector from 2011 until 2013. Iranian hackers flooded American financial institutions with garbage computer traffic, jamming the banks' internet services. The attacks started in December 2011, then ramped up in September 2012, when they significantly disrupted customer access to the websites of Bank of America, JPMorgan Chase, Wells Fargo, US Bank and PNC Bank.

At the time, the cyberattack was the largest ever. The cybersecurity firm CrowdStrike called it "unprecedented." The Obama administration's DOJ later indicted seven Iranians who allegedly conducted the cyberattack while working at two companies "on behalf" of the Islamic Revolutionary Guard Corps.

Joshua Motta saw those attacks firsthand while he worked at Cloudflare, an internet service that protects websites from these kinds of aggressive floods of traffic. At the time, he said, "the industry was unprepared." He's now CEO of the cyberinsurance company Coalition, which provides coverage for small businesses like credit unions and regional banks. Motta said they should be preparing for Iran's vengeance.

"This is on everyone's radar. It is almost with 100% certainty the hacking campaign will resume after sanctions," Motta told CNN this week. "And I don't think it's going to be limited to banks." Energy infrastructure, for example, could also come under threat, as it did from Russia earlier this year, according to the Department of Homeland Security.

If Iran does attack the United States, corporations will be faced with hackers whose skills have grown since 2012, according to CrowdStrike.

"They've gotten better in the last six years at intrusion activity. The experience they've gained -- launching wave after wave of destructive attacks against Saudi Arabia -- has helped them increase their capabilities. They are much more formidable," said Dmitri Alperovitch, CrowdStrike's co-founder and chief technology officer.

Since the 2011-2013 Iranian cyberattacks, the US military has taken a more aggressive position against such threats -- one that could result in an immediate counterstrike against Iran.

As CNN reported in September, the US military has been given more authority to launch preventative cyberattacks. A classified Obama administration directive that forced American government hackers to seek the president's approval before launching retaliatory cyberstrikes deemed to have "significant consequences" was replaced by the Trump administration's National Security Presidential Memorandum 13, or NSPM 13.

President Trump's directive, which came into effect September 20, "effectively reversed those restraints" put into place by the previous President, White House national security adviser John Bolton told reporters at the time. "Our hands are not tied as they were in the Obama administration," he said.

"It is now the policy of the United States to shoot back to deter (an) adversary's cyber operations. If we could get into their network, we could destroy their computers. We could take down the Islamic Revolutionary Guard Corps network affecting the banks," said Jason Healey, a senior research scholar at Columbia University's School for International and Public Affairs who is working on a paper about the more aggressive policy and its potential consequences.

This more aggressive cyberwarfare policy carries a risk of escalating tensions, Healey and other experts said. But Healey acknowledged the tensions with Iran are there already.

US Cyber Command, the military's hackers, "want to get in there and grapple, get close and throw elbows, make the adversaries fight for their computer infrastructure," Healey said.
