
Marketplace Tech: Iran’s cyberwar on American banks
Mar 5, 2026

Rafe Pilling, Director of Threat Intelligence at Sophos and cybersecurity expert, walks through Iran-linked cyber operations and historical DDoS attacks on U.S. banks. He explains how those attacks worked and how defenses have hardened. He also outlines current Iranian tactics like phishing, vulnerability scanning, and information operations, and flags risks to healthcare and data-rich organizations.
DDoS Campaigns Disabled Bank Websites
- Iranian-linked attacks in 2011–2013 used distributed denial of service to overwhelm bank websites and block customer access.
- Attackers infected many computers and used them to flood the sites with requests at specific times, forcing banks to filter malicious traffic to stay online.
Design Services To Filter And Absorb DDoS
- Design external-facing services to separate malicious traffic from legitimate users to mitigate DDoS impact.
- Use mitigation services that absorb and redirect attack traffic so customers can still access sites.
Iran Shifted From Defacements To State-Sponsored Campaigns
- Iran's cyber capabilities evolved from website defacements to structured operations run by the IRGC and the Ministry of Intelligence and Security.
- These sponsors now manage groups that perform DDoS, data theft, and information operations to sow doubt.
