Iranian cyberattacks and BlueKeep: What financial institutions need to know
The recent threat of Iranian cyberattacks isn’t new to financial institutions.
Today’s escalating attacks are the byproduct of growing tensions between the U.S. and Iran. Hackers appear to be focused on government agencies and companies whose disruption could affect our infrastructure. But in 2016, seven Iranian hackers orchestrated a coordinated cyberattack on dozens of U.S. financial institutions, causing millions of dollars in lost business. The hackers in that case are believed to be the same ones behind the current attacks, but the goal in 2016 was to knock systems offline. The threat this time is more severe: the hackers are trying to delete all system data. The U.S. Department of Homeland Security is warning the public that hackers out of Iran are doing more than stealing data and money; they are wiping entire networks with “wiper” attacks.
Analysts in the cybersecurity community are speculating that if Iranian military cyber attackers can’t effectively penetrate U.S. military systems, they could target the broader non-governmental sector and cause disruption to many U.S.-based commercial entities.
The warnings about these cyberattacks also highlighted BlueKeep, a flaw in Microsoft’s Remote Desktop Protocol (RDP) that could allow a hacker to take total control of a computer.
The threat is significant because many organizations use RDP so that IT teams can remotely troubleshoot systems.
The vulnerability was first acknowledged by Microsoft in May and was reported to affect older versions of Windows, from Windows 2000 through Windows Server 2008 R2, including Windows XP and Windows 7.
While Microsoft replaced these versions of Windows many years ago, some financial institutions may still be using unsupported versions like Windows XP because they depend on custom software that isn’t compatible with later versions or because upgrading is considered too costly.
The severity of the vulnerability is so high that Microsoft took the unusual step of providing security patches for the retired Windows 2003 and Windows XP.
All organizations should make sure they have applied Microsoft’s latest security patches to address this vulnerability and follow the NSA’s strict guidelines for the use of RDP.
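The following PowerShell script is an added illustration of the checks recommended above; it is not code from Wipfli or Microsoft. It audits a single Windows host for the RDP settings that matter most for BlueKeep (whether RDP is enabled, whether Network Level Authentication is required, which security layer is used), lists who is allowed to connect, and looks for the BlueKeep update. It assumes Windows 7 / Server 2008 R2 or later with PowerShell, run as a local administrator; the KB identifier is a placeholder that you must replace with the update Microsoft lists for your exact Windows version.

```powershell
# Added example (not from the article): audit one Windows host's RDP exposure
# and BlueKeep patch state. Assumes Windows 7 / Server 2008 R2 or later with
# PowerShell, run as an administrator. $BlueKeepKb is a placeholder: take the
# real update number for your OS from Microsoft's advisory before running.

$BlueKeepKb = 'KB-PLACEHOLDER'   # replace with the update listed for this OS build

$findings = @()

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means RDP is switched off.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpDisabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
if ($rdpDisabled -eq 1) {
    $findings += 'OK: RDP is disabled on this host.'
} else {
    $findings += 'WARN: RDP is enabled; confirm it is needed and reachable only from admin networks.'

    # 2. Network Level Authentication. UserAuthentication = 1 forces the client to
    #    authenticate before a session is created, which Microsoft describes as a
    #    partial mitigation for BlueKeep: an unauthenticated client never reaches
    #    the vulnerable code path.
    $rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
    if ($nla -eq 1) {
        $findings += 'OK: Network Level Authentication is required.'
    } else {
        $findings += 'FAIL: NLA is not required; enable it (System Properties > Remote, or set UserAuthentication=1).'
    }

    # 3. Security layer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS (hardened).
    $secLayer = (Get-ItemProperty -Path $rdpTcp -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
    if ($secLayer -eq 2) {
        $findings += 'OK: RDP uses the TLS security layer.'
    } else {
        $findings += "WARN: RDP SecurityLayer is '$secLayer'; set it to 2 (TLS) unless a legacy client requires otherwise."
    }

    # 4. Who may log on over RDP? Keep the local Remote Desktop Users group to the
    #    smallest set of administrative accounts possible.
    $rdpUsers = net localgroup "Remote Desktop Users" 2>$null |
        Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|-+|The command)' }
    $memberList = if ($rdpUsers) { $rdpUsers -join ', ' } else { '(none)' }
    $findings += "INFO: Remote Desktop Users members: $memberList"
}

# 5. Patch state: is the BlueKeep update installed? Get-HotFix lists updates
#    recorded by Windows Update; a later monthly rollup may contain the fix
#    under a different number, so treat a miss as "verify", not "unpatched".
$osVersion = [System.Environment]::OSVersion.Version
$hotfixes = Get-HotFix | Select-Object -ExpandProperty HotFixID
if ($hotfixes -contains $BlueKeepKb) {
    $findings += "OK: $BlueKeepKb is installed."
} else {
    $findings += "WARN: $BlueKeepKb not found on Windows $osVersion; verify through Windows Update or your patch management tool."
}

$findings | ForEach-Object { Write-Output $_ }
```

Run it per host (or push it through your endpoint management tooling) and treat any FAIL or WARN line as a ticket. Windows XP and Windows Server 2003 machines, which the article notes some institutions still run, usually lack PowerShell entirely, so those hosts have to be found through your asset inventory and checked by hand; they are also the ones most likely to be missing the out-of-band patch Microsoft issued for them.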
Learn how to tell if you’re safe in our article about the Iranian cyberattacks or visit our web page to learn more about Wipfli’s comprehensive portfolio of cybersecurity services.