Iran still suspected The FBI has reportedly briefed US bank executives on a wave of cyberattacks that have lashed the industry since last summer as part of a new policy designed to foster co-operation between the state and private sectors.According to comments made at a Reuters event by FBI executive assistant director Richard McFeely, the Bureau had carried out a large videoconference with dozens of bank heads across the US last month to urge them to share data on the attacks they are experiencing.In the past the organisation had conducted its investigations without keeping victim firms – in this case banks – informed, he admitted.“That’s 180 degrees from where we are now,” Reuters reported him as saying of the FBI’s change of approach. For their part, many private sector organisations were still reluctant to offer up attack data, probably because they saw little tangible point in doing so.Exactly what McFeely told the bank bosses about the attacks is still confidential. He refused to be drawn on their origin but sources close to US officials have previously privately accused Iran of being behind them as part of a low-key cyberwar that probably represents retaliation for the US’s unleashing of a clutch of Stuxnetlike cyberweapons against Iran since 2007.Malware is said to have been involved in the recent attacks although the most obvious evidence has been the waves of large and sophisticated realtime DDoS attacks battering customer-facing bank websites.These started last summer and have spiked at intervals ever since with a peak in January. One public ‘campaigning’ face of these attacks is the Izz ad-Din al-Qassam Cyber Fighters hacker group which is seen as being half Iranian Anonymous and half an arm of the Iranian State.For its part Iran has also fired back accusations that it nuclear programme is still under attack even in the post-Stuxnet period.To many in the security industry the two-way exchange is nothing less than the first sustained cyberwar between two states, neither of which is yet prepared to admit as much.That could turn out to be an unexpected feature of early cyberwar – its invisbility. Related content news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Malware Cybercrime news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO CSO and CISO CSO and CISO news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe