US banks prepare for Iranian cyberattacks as retaliation for sanctions

As the United States ...

Posted: Nov 10, 2018 1:29 PM
Updated: Nov 10, 2018 1:29 PM

As the United States reinstated economic sanctions on Iran on Monday, American banks were gearing up for retaliatory Iranian cyberattacks.

Bank executives believe Iranian hackers could attempt to disrupt financial services, perhaps as they did between 2011 and 2013 -- with denial-of-service attacks that interrupted bank websites and other internet financial services.

Banking institutions

Banking, finance and investments

Business, economy and trade

Consumer banking

Continents and regions

Crime, law enforcement and corrections

Criminal offenses

Cyber attacks

Digital crime

Digital security

Embargoes and sanctions

Government and public administration

Government bodies and offices

International relations

International relations and national security

Iran

Iran nuclear development

Middle East

Middle East and North Africa

North America

Politics

Technology

The Americas

United States

Unrest, conflicts and war

US federal government

White House

Cyberterrorism

National security

Terrorism

Terrorism and counter-terrorism

Last week, CNN got rare access to a major American bank's highly guarded cybersecurity defense center in New York, where monitor screens listed "Iranian hackers" as the top "trending threat" at the moment. (North Korea ranked closely behind.) The bank's top cybersecurity executive said his team is bracing for a reprisal, because Iran "might lash out" as a result of the reimposed sanctions.

The bank requested not to be identified, citing a concern that Iran would single it out and direct hackers to attack the institution. The industry as a whole is already on guard, the bank said.

United States Cyber Command, the hacking force within the Department of Defense, said it is working along with other government efforts to counter "malicious cyber activity."

"Iran, while more limited (than some other countries) in the sophistication of their cyber capabilities, (has) demonstrated a greater willingness to conduct destructive cyberattacks that are well beyond the norms of state behavior in peacetime," Lt. Col. Audricia Harris told CNN in an email.

Companies in the private sector may experience attacks first. Two former federal government officials and several cybersecurity experts confirmed to CNN that major American banks are concerned about Iranian retaliation, though the banks themselves declined to comment.

This week, the Trump administration reimposed all the economic penalties that the Obama administration lifted as part of the 2015 Iranian nuclear deal. The reinstated sanctions added almost 700 targets to the US sanctions list, including 50 Iranian financial institutions, making it harder for these targets to engage in business worldwide. The Iranian government has made public statements about its intention to defy US sanctions.

An industry of private security contractors has grown up to protect major banks and other companies from hackers. They have recently warned their clients to heighten their defenses.

"Banks are taking a hard look at Iranian threat actors right now. We've advised all of our clients in the critical infrastructure space to consider the historic hostile actions of Iranian actors given this new development," said John Hultquist, director of research at FireEye, a cybersecurity firm that provides services to major banks.

The banking industry's privately run group that coordinates defenses against cyberattacks -- the Financial Services Information Sharing and Analysis Center -- told CNN it has not seen Iran prepare to attack yet.

"There's no evidence I've seen that the threat is imminent," FS-ISAC CEO Bill Nelson told CNN on Wednesday. "But we were able to effectively defend and respond in 2012. We're certainly better off than we were then."

According to public accusations made two years ago by the Department of Justice, Iran launched massive cyberattacks against the US banking sector from 2011 until 2013. Iranian hackers flooded American financial institutions with garbage computer traffic, jamming the banks' internet services. The attacks started in December 2011 then ramped up in September 2012, when it significantly disrupted customer access to the websites of Bank of America, JPMorgan Chase, Wells Fargo, US Bank and PNC Bank.

At the time, the cyberattack was the largest ever. The cybersecurity firm CrowdStrike called it "unprecedented." The Obama administration's DOJ later indicted seven Iranians who allegedly conducted the cyberattack while working at two companies "on behalf" of the Islamic Revolutionary Guard Corps.

Joshua Motta saw those attacks firsthand while he worked at Cloudflare, an internet service that protects websites from these kinds of aggressive floods of traffic. At the time, he said, "the industry was unprepared." He's now CEO of the cyberinsurance company Coalition, which provides coverage for small businesses like credit unions and regional banks. Motta said they should be preparing for Iran's vengeance.

"This is on everyone's radar. It is almost with 100% certainty the hacking campaign will resume after sanctions," Motta told CNN this week. "And I don't think it's going to be limited to banks." Energy infrastructure, for example, could also come under threat, as it did from Russia earlier this year, according to the Department of Homeland Security.

If Iran does attack the United States, corporations will be faced with hackers whose skills have grown since 2012, according to CrowdStrike.

"They've gotten better in the last six years at intrusion activity. The experience they've gained -- launching wave after wave of destructive attacks against Saudi Arabia -- has helped them increase their capabilities. They are much more formidable," said Dmitri Alperovitch, CrowdStrike's co-founder and chief technology officer.

Since the 2011-2013 Iranian cyberattacks, the US military has taken a more aggressive position against such threats -- one that could result in an immediate counterstrike against Iran.

As CNN reported in September, the US military has been given more authority to launch preventative cyberattacks. A classified Obama administration directive that forced American government hackers to seek the president's approval before launching retaliatory cyberstrikes deemed to have "significant consequences" was replaced by the Trump administration's National Security Presidential Memorandum 13, or NSPM 13.

President Trump's directive, which came into effect September 20, "effectively reversed those restraints" put into place by the previous President, White House national security adviser John Bolton told reporters at the time. "Our hands are not tied as they were in the Obama administration," he said.

"It is now the policy of the United States to shoot back to deter (an) adversary's cyber operations. If we could get into their network, we could destroy their computers. We could take down the Islamic Revolutionary Guard Corps network affecting the banks," said Jason Healey, a senior research scholar at Columbia University's School for International and Public Affairs who is working on a paper about the more aggressive policy and its potential consequences.

This more aggressive cyberwarfare policy carries a risk of escalating tensions, Healey and other experts said. But Healey acknowledged the tensions with Iran are there already.

US Cyber Command, the military's hackers, "want to get in there and grapple, get close and throw elbows, make the adversaries fight for their computer infrastructure," Healey said.

Terre Haute
Partly Cloudy
40° wxIcon
Hi: 61° Lo: 39°
Feels Like: 33°
Robinson
Partly Cloudy
40° wxIcon
Hi: 62° Lo: 40°
Feels Like: 31°
Indianapolis/Eagle Creek
Cloudy
38° wxIcon
Hi: 62° Lo: 39°
Feels Like: 29°
Paris
Mostly Cloudy
37° wxIcon
Hi: 60° Lo: 38°
Feels Like: 29°
Mattoon/Charleston
Partly Cloudy
38° wxIcon
Hi: 59° Lo: 38°
Feels Like: 29°
Terre Haute
Partly Cloudy
40° wxIcon
Hi: 60° Lo: 39°
Feels Like: 33°
Terre Haute
Partly Cloudy
40° wxIcon
Hi: 59° Lo: 39°
Feels Like: 33°
A chance of showers, cloudy, and cool.
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

Sunday Evening Forecast

Image

Sunday Morning Forecast Update

Image

Loogootee GBB State Finals

Image

Brycen Graber All-Time Assist Record

Image

Saturday Evening Forecast

Image

12 POINTS GROCERY STORE

Image

IL COVID-19 FIRST RESPONDER PROTECTIONS

Image

Pop up vaccine clinic

Image

Saturday Morning Forecast Update

Image

MARSHALL RED HILL

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1185367

Reported Deaths: 22710
CountyCasesDeaths
Cook4739449351
DuPage766591194
Will64954892
Lake59408921
Kane50666716
Winnebago28319438
Madison27949454
St. Clair25391466
McHenry24290265
Champaign18079125
Peoria16880262
Sangamon16121217
McLean14581157
Tazewell13509240
Rock Island13056286
Kankakee12482189
Kendall1103785
LaSalle10786219
Macon9442185
Vermilion8557116
DeKalb8260112
Adams8003114
Williamson6794120
Whiteside5926147
Boone592171
Clinton557189
Coles519091
Grundy511363
Knox5017131
Ogle501473
Jackson460160
Effingham449269
Macoupin434779
Henry432656
Marion4262111
Livingston419876
Franklin414366
Stephenson409275
Monroe406383
Jefferson3976115
Randolph396078
Woodford367260
Morgan358676
Montgomery349268
Lee335143
Logan330753
Bureau330473
Christian330167
Fayette306452
Perry304657
Fulton285044
Iroquois277060
Jersey249346
Douglas244132
McDonough232140
Saline229747
Lawrence229624
Union218536
Shelby213734
Crawford200723
Bond190724
Cass188722
Pike168850
Clark168529
Wayne167148
Hancock167029
Warren166444
Richland163538
White160625
Jo Daviess160522
Ford158245
Washington158223
Carroll157634
Edgar154337
Moultrie149024
Clay142941
Greene137932
Johnson134712
Piatt132214
Wabash130012
Mason128241
Mercer128033
De Witt127822
Massac127133
Cumberland119218
Jasper110917
Menard10358
Marshall83815
Hamilton78815
Schuyler6775
Pulaski6705
Brown6636
Stark54022
Edwards52310
Henderson49814
Calhoun4782
Scott4491
Alexander4478
Gallatin4374
Putnam4153
Hardin34412
Pope2823
Out of IL40
Unassigned02216

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 660942

Reported Deaths: 12556
CountyCasesDeaths
Marion905601638
Lake48352874
Allen35762635
Hamilton32026396
St. Joseph29865511
Elkhart25350414
Vanderburgh21225377
Tippecanoe19977200
Johnson16319356
Porter15938269
Hendricks15801300
Clark11928180
Madison11730316
Vigo11578229
Monroe10312161
Delaware9830179
LaPorte9755196
Howard9047196
Kosciusko8549109
Bartholomew7440147
Warrick7403150
Hancock7394130
Floyd7189169
Wayne6630191
Grant6422157
Morgan6075125
Boone607288
Dubois5895111
Dearborn546866
Cass543399
Henry541793
Marshall5417104
Noble508578
Jackson464366
Shelby460190
Lawrence4179111
Gibson400881
Harrison398763
Clinton395053
Montgomery386283
DeKalb384678
Miami356763
Knox356485
Whitley348936
Huntington342376
Steuben337855
Wabash330876
Putnam329459
Ripley326861
Adams322549
Jasper315443
White297252
Jefferson294473
Daviess285396
Fayette271456
Decatur270488
Greene261280
Posey260531
Wells257674
Scott249950
Clay240844
LaGrange240770
Randolph225576
Spencer217030
Jennings214744
Washington210427
Sullivan203139
Fountain201142
Starke187951
Owen181953
Fulton178237
Jay177628
Carroll176418
Perry173235
Orange171150
Rush164322
Vermillion160242
Franklin159335
Tipton146141
Parke138815
Pike127432
Blackford120627
Pulaski106444
Newton96531
Brown94939
Benton91813
Crawford90313
Martin80014
Warren75513
Switzerland7537
Union67110
Ohio53211
Unassigned0431