By Ray Birch
WASHINGTON—As tensions escalate following the U.S. military strike on Iran’s nuclear facilities, financial institutions must prepare for what could be Iran’s most effective and devastating form of retaliation: cyberattacks.
With limited military options and a proven track record in cyberspace, Iran is widely expected to turn to digital warfare in the coming days. According to former FBI agent and cybersecurity expert Brian Boetig, financial institutions sit directly in the crosshairs.
“We are still in the fog of war, waiting to see exactly how the Iranians will respond,” said Boetig, principal at cybersecurity firm Global Trace. “But if history is any guide, the financial sector is likely to be one of the first targets.”
A History Of Cyber Sabotage
Boetig was on the frontlines in Washington in 2012 and 2013 when Iran launched a series of coordinated distributed denial of service (DDoS) attacks against U.S. banks and credit unions.
“Their capabilities were reaching the red line. The only reason we stayed ahead of the curve was because financial institutions collaborated, worked overnight, and pushed that red line further every day,” he said.
Those attacks served as a wake-up call—and a warning. Iran has the capability, experience, and motive to launch cyber operations that can bring down financial networks, disrupt services, and compromise customer data.
The New Threat: Dormant Cyber Sleeper Cells
What makes the current threat so alarming is the possibility that Iran’s actors may already be inside financial networks—lying dormant, waiting for the green light.
“If they’re already in your network, you either haven’t done your due diligence to find them, or they’ve been stealthy enough that they’re on there and you haven’t found it,” Boetig warned. “They’re sitting there, lying dormant.”
In this moment of heightened geopolitical tension, institutions must not only defend against new intrusions, but also hunt for threats that may already exist within their systems, Boetig reiterated.
The Path Forward: Real-Time Intelligence Sharing
According to Boetig, the most critical response now is not isolation, but collaboration.
“If a credit union or a financial institution is not part of a larger group of colleagues sharing information, you’re going to fail,” he said. “You have to be involved with your peers to get this information in real time, so that you can take action before it’s too late.”
That means engaging with entities like the Department of Homeland Security (DHS), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), which are expected to issue specific threat indicators within the next 24 to 72 hours. These advisories will likely include key signs of Iranian tactics, techniques, and procedures—essential intelligence that must be acted on swiftly, Boetig said.
Boetig also emphasized the value of nonprofit organizations like the National Cyber Forensics and Training Alliance (NCFTA), which brings together the FBI and major financial institutions in a secure environment to share live threat intelligence.
“Marketing strategies may be off-limits, but cybersecurity teams share intel regularly—and that’s what’s going to keep you safe,” Boetig said.
Don’t Let Your Guard Down Elsewhere
While all eyes are currently fixed on Iran, Boetig offered a final, sobering caution: “When all the focus is on Iranian potential cyberattacks, this is exactly when other adversaries—like China and Russia—will take advantage. They know we’re looking in one direction. That gives them an opening.”
As credit unions and other financial institutions brace for possible attacks from Iranian cyber actors, they must not lose sight of the broader threat landscape. The most dangerous mistake would be to assume only one adversary is in play, Boetig said.
“In the coming hours and days, the most resilient institutions will be those that act quickly, share broadly, and defend proactively,” he said.
Boetig cautioned that financial institutions must remain vigilant despite President Donald Trump’s announcement Monday night that Israel and Iran had agreed to a cease-fire that could signal an end to the conflict.