
Prepare for heightened risk of Iranian cyberattacks

Information security officials warn of potential threats from nation-state bad actors

By Megan Ryan and Krista Taylor
June 24, 2025

KEY POINTS

  • Heightened threats: Following recent military strikes, U.S. companies face increased risks from Iranian state-sponsored cyberattacks.
  • Proactive measures: Implement multifactor authentication, strong passwords and employee training to enhance cybersecurity resilience.
  • Supply chain security: Evaluate and secure your supply chain to prevent breaches through compromised third-party software.

Following last weekend’s American military strikes in Iran, the Department of Homeland Security has issued a warning for companies to be vigilant in defending their information security systems and infrastructure. The warning says “low-level cyberattacks against U.S. networks by pro-Iranian ‘hacktivists’ are likely” with a particular focus on “poorly secured U.S. networks and internet-connected devices.”

The Cybersecurity and Infrastructure Security Agency (CISA) has urged companies to improve resilience against nation-state cyber threats by proactively assessing their cyber preparedness, enhancing defenses, monitoring suspicious activity, and educating employees on reporting suspicious emails and links.

“It is important to be on the lookout for retaliation through cyberattacks directed at U.S. critical infrastructure and organizations,” said Paul Tucker, chief information security officer at BOK Financial®.

Cybersecurity experts have identified multiple distinct Iranian state-sponsored or pro-Iran hacktivist threat actor groups who are financially motivated cybercriminals and have historically targeted U.S. organizations during heightened conflicts. Preparedness is crucial, as cyberattacks targeting other countries, like Israel, could indirectly affect U.S. companies due to network interconnectedness.

Historically, Iranian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics to gain initial access to target networks, including:

  • Spear phishing: An attack involving emails that are highly customized to the individual, making them appear to come from one of your providers or vendors.
  • Brute force: A hacking method using trial and error to crack passwords, login credentials and encryption keys.
  • Exploiting known vulnerabilities against accounts and networks with weak security.

Recent Iranian state-sponsored activity has included malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated APT cyber actors. The following actions are key to strengthening operational resilience against this threat:

  • Implement multifactor authentication for all accounts, especially privileged ones.
  • Use strong, unique passwords.
  • Set account lockout policies after a limited number of failed login attempts.
  • Check systems for default passwords still in use.

"Businesses and local municipalities should remain vigilant to Iranian threats and remind employees to stay alert," emphasized Tucker. "Cybersecurity today means protecting what we cannot see, in places we cannot reach. The best defense against attacks is preventing them."

Be proactive
The heightened risk of attacks can also serve as a reminder of cybersecurity best practices. CISA's checklist for organizations of all sizes provides guidance on preparation, detection and response if an intrusion occurs.

“In today's rapidly changing landscape, businesses must ensure their employees are well trained and vigilant against cyberattacks, especially phishing attacks,” Tucker said.

“It’s imperative that employees take a moment to verify emails before interacting with them and report suspicious activity. A single click can have far-reaching consequences.”
- Paul Tucker, chief information security officer at BOK Financial

But it's more than just monitoring emails. Preventative measures also include:

  • Be prepared. Make sure you have an incident response and business continuity plan, and routinely test it, so you are ready in the event of ransomware.
  • Minimize your attack surface. Keep systems and software up to date and remediate known system vulnerabilities (use CISA's free tools if needed). Enforce multifactor authentication for remote access.
  • Evaluate the security of your supply chain. Actors have gained initial access to victim organizations by compromising trusted third-party software.
  • Increase employee awareness. Cybersecurity awareness training plays a crucial role in preventing cyberattacks of any kind, especially phishing attacks and password compromises.
  • Vet your suppliers. Make certain your critical vendors have strong security measures and contingency plans to ensure continued service if an incident occurs.
  • Monitor CISA guidance. The Shields Up site provides guidelines for companies of all sizes plus detailed recommendations for business leaders.

"Being prepared, having a cybersecurity playbook and robust programs, and investing in educating employees about the importance of cybersecurity safety will go far in protecting your business and clients," Tucker said.

