Homeland Security, New York DFS Issue Warnings on Potential Iran Cybersecurity Breaches

In the wake of the U.S. military drone strike against the leader of Iran’s special operations forces earlier this month, the Department of Homeland Security, as well as the New York Department of Financial Services, issued warnings about potential Iranian cybersecurity threats targeting U.S. businesses, particularly financial institutions.

Separately, the Mortgage Bankers Association reminded members of various resources to help in understanding cybersecurity risks and complying with related regulations.

The Jan. 3 military strike killed Qasem Soleimani, an Iranian major general in the Islamic Revolutionary Guard Corps and commander of its Quds Force, responsible for clandestine and extraterritorial military operations. Pentagon spokespersons said they believed Soleimani, who was in Iraq at the time of his death, was responsible for several attacks against Saudi oil facilities and posed an “imminent threat” to safety and security of U.S. property, military personnel and civilians.

In a Jan. 4 bulletin (https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf), DHS said it had no information indicating a “specific, credible threat,” but warned that Iran and its partners, such as Hezballah, have “demonstrated the intent and capability to conduct operations” in the United States.

“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.-based targets,” DHS said. “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

Building on that, the New York DFS issued a Jan. 4 industry letter (https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202001041) to all of its regulated entities on the need for heightened cybersecurity precautions.

“It is particularly concerning that Iran has a history of launching cyber attacks against the U.S., and the financial services industry,” DFS said. “For instance, in 2012 and 2013, Iranian-sponsored hackers launched denial of service attacks against several major U.S. banks. And the U.S. government recently advised in June 2019 it observed ‘a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,’ and that Iranian attackers were increasingly using highly destructive attacks that delete or encrypt data.”

DFS strongly recommended all regulated entities heighten their vigilance against cyber attacks and that “all vulnerabilities are patched/remediated (especially publicly disclosed vulnerabilities), ensure that employees are adequately trained to deal with phishing attacks, fully implement multi-factor authentication, review and update disaster recovery plans, and respond quickly to further alerts from the government or other reliable sources. It is particularly important to make sure that any alerts or incidents are responded to promptly even outside of regular business hours–Iranian hackers are known to prefer attacking over the weekends and at night precisely because they know that weekday staff may not be available to respond immediately.”

In October, MBA issued a whitepaper, “The Basic Components of an Information Security Program” (https://www.mba.org/news-research-and-resources/technology-resource-center/cybersecurity), to highlight best practices for protecting member organizations. MBA encourages our members to use this resource when evaluating security risks.

“As financial service transactions are increasingly conducted online, risks associated with these transactions require different controls. MBA understands the cybersecurity risks facing our industry as well as federal and state legislation and regulations that govern this topic,” MBA said.