The US is on high alert for cyber attacks as a form of retaliation from Iran, and US government agencies and experts have stressed that the financial services industry should be on particularly high alert. Prior to the recent turmoil in the mid-east, Finserv companies were already on high alert having experienced a 147% increase in phishing attacks between January and September 2019 from scammers imitating financial organizations. This new warning, however, poses a much greater threat than individual or small group attacks, having international political implications.
The New York Department of Financial Services is not taking any chances. They were quick to release a press release with very specific warnings to banks and credit unions of Iran's capabilities: "There is currently a heightened risk of cyber attacks from hackers affiliated with the Iranian government. The Iranian government has vowed to retaliate against the United States for the death of Qassem Soleimani. Given Iranian capabilities and history, U.S. entities should prepare for the possibility of cyber attacks. It is particularly concerning that Iran has a history of launching cyber attacks against the U.S., and the financial services industry. For instance, in 2012 and 2013, Iranian-sponsored hackers launched denial of service attacks against several major U.S. banks. And the U.S. government recently advised, in June 2019, that it observed “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” and that Iranian attackers were increasingly using highly destructive attacks that delete or encrypt data."
There are no specific or credible reports of suspected cyber attacks, but it is wise for all financial institutions to heed the warnings and work with their technology vendors to ensure they are ready to respond quickly to any attempts. Specifically, all patches and updates should be addressed, and now is a great time to remind employees to be alert, especially on common hacking tactics - such as email phishing. Phishing is an attack often used to steal user data, including login credentials into internal networks, and occurs when an attacker, masquerading as a trusted entity, dupes an employee into opening an email and clicking on links or documents. With the rise of phishing scams across the industry, even without this rapidly emerging threat from Iran, it is always good practice to re-enforce employee security protocol.
Phishing has been particularly hard for credit unions and banks to thwart, as the scammers have gotten very good at making emails look genuine. According to Vinay Pidathala, director of security research at Menlo Security, “Attackers are targeting cloud hosted applications trusted by enterprises to increase their probability of breaching a company, with OneDrive being the most popular application used for phishing, likely because so many enterprises are moving to Office 365.” Reminding employees to always think twice before opening any email attachment or clicking on any link - even if it looks to be from a trusted source - is a good first step. Is it a file they were expecting? Do they normally receive links from this email address? Did the email arrive during normal business hours? According to the NYDFS Press release, it is particularly important to make sure that any alerts or incidents are responded to promptly even outside of regular business hours – Iranian hackers are known to prefer attacking over the weekends and at night precisely because they know that weekday staff may not be available to respond immediately.
Regardless of the latest news, keeping your membership protected from security breaches needs to be a top priority for all credit unions. It is your duty to protect their financial well-being, and that means being vigilant about security procedures on all fronts.