Skip to main content
FoxPointe FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
    • Virtual Chief Information Security Officer (vCISO)
  • About Us
    • Management Team
    • Credentials
    • Careers
  • Resources
    • Events
    • News
    • Videos
    • Whitepapers
  • Blog
  • Contact Us
FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
    • Virtual Chief Information Security Officer (vCISO)
  • About Us
    • Management Team
    • Credentials
    • Careers
  • Resources
    • Events
    • News
    • Videos
    • Whitepapers
  • Blog

Enter Keywords

  1. Home
  2. Blog

FoxPointe Security Hub

Financial Institutions Beware: How Iranian Retaliation at the US could become a Cybersecurity Concern

January 15, 2020

Two weeks ago, the United States launched an air strike targeted at the Iranian Military and subsequently led to the assassination of the Iranian military leader Qassem Soleimani. In a response from Esmail Ghaani, Soleimani’s replacement as the head of the Iranian Army, promised harsh revenge against the United States. Many speculate that revenge could come in the form a series of cyber attacks as this may not trigger a direct response from the United States military forces. Historically, foreign governments have targeted financial institutions based on the value of their data, which is why financial institutions may want to stay alert in the coming weeks.

Department 1800, The Ministry of Intelligence and Security (MOIS) uses all means at its disposal to protect the Islamic Revolution of Iran. MOIS is responsible for all covert operations in Iran and has a history of attacking United States Financial Institutions, most successfully through spear phishing.

Through information gathered from subsequent investigations, MOIS was focused on accessing and stealing Personally Identifiable Information (PII); however, there were a few cases between 2015 and 2017 which they were identified as being responsible for stealing cryptocurrency from financial institutions. Further, it was discovered that Iran has dormant malware on some National and International financial networks to monitor and access sensitive data; however, the extent of this is not yet known.

Why a Cyber Attack?

So why the focus our data and not our money? There are a few schools of thought here. The first being that there is a significant market for personally identifiable information on the dark web if the incentive were money. Conversely, and a more likely scenario is foreign governments are analyzing this data to find inroads to whatever they seek. PII can tell you a lot about a person, and data at financial institutions in particular, what type of financial situation an individual may be in and if they may be a vulnerable target. For example, data may show that John Smith is at risk of having his home foreclosed on, etc.. Using the power of what they know about an individual can aid in obtaining an individual’s assistance for whatever they may be trying to accomplish, with the end result being a monetary reward.

Due to the heightened national security in response to recent events, two Congressmen, Emanuel Cleaver II, and Gregory Meeks, who both sit on the House Financial Services Committee, sent a letter to the Federal Reserve, Treasury Department, Securities and Exchange Commission, Federal Deposit Insurance Corp., Consumer Financial Protection Bureau, Federal Housing Finance Agency, Commodity Futures Trading Commission, National Credit Union Administration and the Office of the Comptroller of the Currency in a pitch to take action to shore up cyber defenses in the financial sector. The fallout from this request is not yet clear from a regulatory standpoint, but it seems evident that the government foresees the financial sector being a primary target for potential Iranian retaliation.

As a result, remaining diligent with cyber threat assessment to your organization remains a top priority, along with implementing appropriate processes to prevent, detect, and respond to any known or suspected cyber threat is imperative.

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.

Subscribe

Subscribe to receive new articles and resources from our information risk management experts directly in your inbox as soon as they're available.

Subscribe Now

Archive   Archive
Share
Twitter Facebook LinkedIn
  • Topics
  • Authors
  • Data Security (13)
  • Data Privacy (15)
  • Compliance (4)
  • Risk Management (8)
  • Cybersecurity Alert (7)
  • Cybersecurity (25)
  • Archive (34)
  • Charlie Wood | PCI QSA, CISA, CRISC, CISM
  • Carl Cadregari | CISA, CCSFP, CTPRP
  • Allison Hall | PCIP, CCSFP
  • Courtney Caryl | CCSFP, CHQP
Let us show you how we can help
Request Quote
FoxPointe

171 Sully's Trail
Pittsford, NY 14534

Call 844-726-8869
or Contact Us

Subscribe to the Blog

Services
Cyber Risk, Assurance and ComplianceIT AuditPenetration TestingGeneral ConsultingVirtual Chief Information Security Officer (vCISO)
Company
Management TeamAbout UsBlogCareersPrivacy Policy
©2023 FoxPointe
Website by Corporate Communications, Inc.
We use cookies and other technologies to optimize site functionally, analyze website traffic, and share information with our service and analytics partners. To view our Privacy Policy, which discusses cookies, click here. By continuing to use & browse our services, you agree to our Privacy Policy, our use of cookies, and the Terms and Conditions.