Cyberattacks Surge on Banks and Fintech Companies Following Iran Conflict Escalation
The onset of the Iran war has triggered a significant spike in cyber activity, with banks, fintech firms, and other critical businesses facing a wave of malicious traffic.
According to Akamai, the surge has resulted in a 245 percent increase in credential harvesting, automated reconnaissance, and denial-of-service preparation attempts.
The Financial Sector is Disproportionately Affected
The financial sector has been disproportionately affected, with banking and fintech companies bearing the brunt of the attacks.
E-commerce, gaming, technology, and media platforms have also been targeted.
This distribution of attacks suggests that cyber operations linked to geopolitical tensions are no longer focused solely on symbolic government targets, but are also targeting the digital systems that support payments, consumer activity, and daily commercial life.
Cybersecurity Analysts Warn of the Risks
Cybersecurity analysts have long warned that wars can quickly spill into private infrastructure, and the current conflict is no exception.
As companies increasingly move their operations into cloud environments and public-facing platforms, moments of geopolitical escalation can produce pressure on civilian-facing networks far from the battlefield.
Iranian-Linked Hacktivist Groups are Active
Iranian-linked and pro-Iran hacktivist groups are active in the current environment, and their campaigns can extend beyond direct military participants to regional and Western-linked targets.
Unit 42 has warned that these groups use disruptive tactics, influence operations, and destructive campaigns to rapidly expand the attack surface.
The Initial Wave of Attacks is Preparatory
The initial wave of attacks appears to be preparatory rather than spectacular, with a focus on botnet-driven discovery traffic, automated reconnaissance, infrastructure scanning, credential harvesting, and early probing ahead of distributed denial-of-service attacks.
This activity is often a precursor to more serious attacks, as attackers identify vulnerabilities and weaknesses in an organization’s defenses.
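The precursor activity described above (infrastructure scanning and credential harvesting) leaves a characteristic footprint in ordinary web and authentication logs: one source requesting many non-existent paths, or one source failing logins against many different accounts. The following is an added example, not code from the article, Akamai or Unit 42, that flags both patterns over a small constructed log sample; the five-field line format, the thresholds and the `/login` endpoint name are assumptions chosen for the illustration.

```python
"""Flag reconnaissance and credential-harvesting precursors in web/auth logs.

Added example; the log format below is constructed for illustration and is
not a real product's format.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not real traffic): "<ip> <method> <path> <status> <user|->"
SAMPLE_LOG = """\
198.51.100.7 GET /.env 404 -
198.51.100.7 GET /wp-login.php 404 -
198.51.100.7 GET /admin 404 -
198.51.100.7 GET /.git/config 404 -
198.51.100.7 GET /phpmyadmin 404 -
198.51.100.7 GET /api/v1/health 200 -
203.0.113.10 POST /login 401 alice
203.0.113.10 POST /login 401 bob
203.0.113.10 POST /login 401 carol
203.0.113.10 POST /login 401 dave
192.0.2.55 GET /index.html 200 -
192.0.2.55 POST /login 401 erin
192.0.2.55 POST /login 200 erin
"""

LOGIN_PATH = "/login"  # assumed endpoint name for this example


@dataclass(frozen=True)
class Event:
    ip: str
    method: str
    path: str
    status: int
    user: Optional[str]


def parse_line(line: str) -> Optional[Event]:
    """Parse one constructed log line; return None for malformed input."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ip, method, path, status, user = parts
    try:
        status_code = int(status)
    except ValueError:
        return None
    return Event(ip, method, path, status_code, None if user == "-" else user)


def analyze(
    log_text: str,
    scan_min_paths: int = 5,       # distinct 404 paths from one source
    cred_min_failures: int = 3,    # failed logins from one source
    cred_min_users: int = 3,       # ... spread across this many accounts
) -> Dict[str, List[Tuple]]:
    """Return per-source findings: ("scanning", n_paths) or
    ("credential_harvesting", n_failures, n_distinct_users)."""
    not_found_paths: Dict[str, set] = defaultdict(set)
    failed_logins: Dict[str, List[str]] = defaultdict(list)

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        # Many distinct 404s from one source is the signature of path discovery.
        if ev.status == 404:
            not_found_paths[ev.ip].add(ev.path)
        # Failed POSTs to the login endpoint, keyed by source, with the account tried.
        if ev.path == LOGIN_PATH and ev.method == "POST" and ev.status == 401 and ev.user:
            failed_logins[ev.ip].append(ev.user)

    findings: Dict[str, List[Tuple]] = defaultdict(list)
    for ip, paths in not_found_paths.items():
        if len(paths) >= scan_min_paths:
            findings[ip].append(("scanning", len(paths)))
    for ip, users in failed_logins.items():
        distinct = len(set(users))
        # Spread across accounts distinguishes harvesting/stuffing from one
        # user mistyping a password.
        if len(users) >= cred_min_failures and distinct >= cred_min_users:
            findings[ip].append(("credential_harvesting", len(users), distinct))
    return dict(findings)


if __name__ == "__main__":
    for source, hits in analyze(SAMPLE_LOG).items():
        print(source, hits)
```

In the sample, `198.51.100.7` is flagged for scanning and `203.0.113.10` for credential harvesting, while `192.0.2.55` (one user, one failed then one successful login) is not flagged. The thresholds are deliberately low for a thirteen-line sample; in production they would be set per endpoint and per time window, and the source IP would be treated as a weak signal given the proxy use the article describes.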
Attribution is Difficult
The use of proxy infrastructure has made it difficult to attribute the source of the attacks; many of the source IP addresses appear to originate in Russia and China.
However, this does not necessarily mean that the operators are Russian or Chinese, as proxy networks and permissive hosting environments can obscure attribution.
A Recent Example of the Danger
The recent attack on Stryker, a global medical technology company, is a clear example of the danger posed by such operations.
An Iran-linked group claimed responsibility for a destructive cyber operation that disrupted internal systems, affected employee devices, and interfered with ordering, manufacturing, and shipping.
The incident caused significant business disruption across a company operating in 61 countries.
The Line Between Geopolitical Signaling and Commercial Disruption is Thin
The line between geopolitical signaling and commercial disruption is thin, and security officials fear that the surge in scanning and probing will not remain abstract for long.
Businesses must be aware that cyber risk rises during war, and that it can do so unevenly and without warning.
The organizations under the greatest pressure are often those whose networks are visible, whose services are essential, and whose disruption can send the widest signal.
