
Marketplace All-in-One: Iran's cyberwar on American banks
Mar 5, 2026
Rafe Pilling, Director of Threat Intelligence at Sophos, explains Iranian-linked cyber campaigns and their evolution. He recounts the 2011–2013 DDoS assaults on U.S. banks. He outlines modern tactics like phishing, scanning, data theft, and threats to healthcare. He assesses banks’ resilience and where risks remain highest.
DDoS Attacks Crippled Bank Websites
- Early Iranian attacks were large distributed denial of service campaigns that used infected machines to overwhelm banking websites.
- The 2011–2013 campaign repeatedly made retail and business banking sites unavailable and forced banks to filter and sift malicious traffic.
Filter And Separate Malicious Traffic During DDoS
- Design defenses to filter malicious traffic and distinguish it from legitimate users during DDoS incidents.
- Organizations must actively mitigate volume spikes by recognizing and sifting out attack traffic to maintain service availability.
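The two points above describe the defensive task in general terms: recognize a volume spike and separate the sources producing it from ordinary users. As an added illustration that is not from the episode, from Sophos, or from any bank's tooling, the following script applies the simplest version of that idea, a per-source request count over a sliding time window, to access-log lines constructed for the example. The log format, IP addresses, window length and threshold are assumptions, not values from the page.

```python
"""Sliding-window request-rate triage for HTTP access logs.

Added example (not from the episode or any vendor): separate flood traffic
from legitimate users by counting requests per source IP inside a sliding
time window. All log lines, addresses and thresholds below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format style line: ip ident user [timestamp] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def flag_flood_sources(lines, window_seconds=10, max_requests=20):
    """Return {ip: peak_window_count} for sources that exceed max_requests
    within any window_seconds-long sliding window. Lines must be in time order."""
    windows = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: skip rather than guess
        ip, ts = parsed
        q = windows[ip]
        q.append(ts)
        cutoff = ts - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def split_traffic(lines, **kwargs):
    """Split lines into (keep, drop): drop holds lines from flagged sources."""
    flagged = flag_flood_sources(lines, **kwargs)
    keep, drop = [], []
    for line in lines:
        parsed = parse_line(line)
        (drop if parsed and parsed[0] in flagged else keep).append(line)
    return keep, drop


# --- constructed sample traffic (not real data) ---------------------------
def _make_line(ip, second, path):
    ts = datetime(2026, 3, 5, 10, 0, second, tzinfo=timezone.utc)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


_legit_user = [_make_line("203.0.113.10", s, "/login") for s in (0, 5, 12, 30)]
_second_user = [_make_line("203.0.113.44", s, "/accounts") for s in (2, 9, 20)]
# One source firing 30 requests at the same second: a crude flood signature.
_flood_source = [_make_line("198.51.100.7", 3, "/") for _ in range(30)]

SAMPLE_LOG_LINES = sorted(
    _legit_user + _second_user + _flood_source, key=lambda l: parse_line(l)[1]
)

if __name__ == "__main__":
    print("flagged:", flag_flood_sources(SAMPLE_LOG_LINES))
    kept, dropped = split_traffic(SAMPLE_LOG_LINES)
    print(f"kept {len(kept)} lines, dropped {len(dropped)} lines")
```

A per-source rate is only the first cut. A campaign run from many infected machines, as the episode describes, spreads the load so that each bot may stay under any single-IP threshold, which is why production mitigation also looks at aggregate request rates, request shape and geographic or ASN distribution before deciding what to sift out.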
State Actors Scale From Defacement To Strategic Campaigns
- Iran's cyber capabilities evolved from website defacements to structured operations sponsored by the IRGC and the Ministry of Intelligence.
- Those groups run campaigns that combine data theft, leaks, and information operations to sow fear and doubt.
