Two weeks ago, the United States launched an air strike targeted at the Iranian Military and subsequently led to the assassination of the Iranian military leader Qassem Soleimani. In a response from Esmail Ghaani, Soleimani’s replacement as the head of the Iranian Army, promised harsh revenge against the United States. Many speculate that revenge could come in the form a series of cyber attacks as this may not trigger a direct response from the United States military forces. Historically, foreign governments have targeted financial institutions based on the value of their data, which is why financial institutions may want to stay alert in the coming weeks.
Department 1800, The Ministry of Intelligence and Security (MOIS) uses all means at its disposal to protect the Islamic Revolution of Iran. MOIS is responsible for all covert operations in Iran and has a history of attacking United States Financial Institutions, most successfully through spear phishing.
Through information gathered from subsequent investigations, MOIS was focused on accessing and stealing Personally Identifiable Information (PII); however, there were a few cases between 2015 and 2017 which they were identified as being responsible for stealing cryptocurrency from financial institutions. Further, it was discovered that Iran has dormant malware on some National and International financial networks to monitor and access sensitive data; however, the extent of this is not yet known.
So why the focus our data and not our money? There are a few schools of thought here. The first being that there is a significant market for personally identifiable information on the dark web if the incentive were money. Conversely, and a more likely scenario is foreign governments are analyzing this data to find inroads to whatever they seek. PII can tell you a lot about a person, and data at financial institutions in particular, what type of financial situation an individual may be in and if they may be a vulnerable target. For example, data may show that John Smith is at risk of having his home foreclosed on, etc.. Using the power of what they know about an individual can aid in obtaining an individual’s assistance for whatever they may be trying to accomplish, with the end result being a monetary reward.
Due to the heightened national security in response to recent events, two Congressmen, Emanuel Cleaver II, and Gregory Meeks, who both sit on the House Financial Services Committee, sent a letter to the Federal Reserve, Treasury Department, Securities and Exchange Commission, Federal Deposit Insurance Corp., Consumer Financial Protection Bureau, Federal Housing Finance Agency, Commodity Futures Trading Commission, National Credit Union Administration and the Office of the Comptroller of the Currency in a pitch to take action to shore up cyber defenses in the financial sector. The fallout from this request is not yet clear from a regulatory standpoint, but it seems evident that the government foresees the financial sector being a primary target for potential Iranian retaliation.
As a result, remaining diligent in assessing the internal and external threats to your organization remains a top priority, along with implementing appropriate processes to prevent, detect, and respond to any known or suspected cyber threat is imperative.