April 4, 2016

Recent indictment underscores threat to financial institutions’ cybersecurity

Robinson+Cole Data Privacy + Security Insider

+ Follow Contact

Send

Embed

In an era of cyberwarfare, financial institutions can find themselves in the crossfire. The U.S. government indicted seven Iranian hackers last week, charging the individuals for their roles in a 2011 series of cyber-attacks targeting at least 46 major banking institutions. The attacks, which Attorney General Loretta Lynch called “relentless,” “systematic” and “widespread,” were carried out for nearly a year and included targets such as JPMorgan Chase, Wells Fargo, Bank of America, NASDAQ, and the New York Stock Exchange.

Banks have long known of the danger posed by distributed denial-of-service (DDoS) attacks in which hackers crash a target’s network by flooding it with high levels of traffic. In this case, the Iranian programmers hit some financial institutions with DDoS attacks on a nearly weekly basis, paralyzing bank infrastructure and locking users out of online banking. Such attacks have been increasing in frequency and sophistication in recent years, with Arbor Networks’ recent Worldwide Infrastructure Security Report finding that 57 percent of financial institutions had experienced a DDoS attack, the highest rate of any sector.

Although the indictment falls short of characterizing the attacks as acts officially sanctioned by the Iranian government, intelligence experts have suggested that the campaign was orchestrated as retaliation for the United States’ alleged cyber-attack on Iran’s main nuclear enrichment plant. That attack, revealed in 2010, employed the so-called Stuxnet virus to disrupt Iranian centrifuges used in the enrichment of uranium. Not coincidentally, the recent U.S. indictment also charged the seven Iranians with launching a cyber-attack designed to take control of a small dam in New York.

Commentators remain skeptical that any of the Iranian hackers will ever be brought to trial, but one thing is certain: financial institutions must continue to improve their cybersecurity infrastructure, which may face threats not only from individuals, but potentially from foreign governments as well.

The full indictment can be downloaded here.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Robinson+Cole Data Privacy + Security Insider

Contact + Follow

Norman Roos

+ Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

Banking Sector

+ Follow

Cyber Attacks

+ Follow

Cybersecurity

+ Follow

Distributed Denial of Service

+ Follow

Financial Institutions

+ Follow

Hackers

+ Follow

Iran

+ Follow

Finance & Banking

+ Follow

International Trade

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Robinson+Cole Data Privacy + Security Insider on:

Recent indictment underscores threat to financial institutions’ cybersecurity

Related Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Robinson+Cole Data Privacy + Security Insider on:

"My best business intelligence, in one easy email…"