Tuesday, March 17

Regulators Warn Financial Firms of Rising State-Sponsored Cyber Risks


The California DFPI and other oversight bodies are urging heightened vigilance as Iran-linked groups target private-sector entities.

03/17/2026 10:00 A.M.

Financial regulators are sounding the alarm about a new wave of cyber threats, catalyzed by escalating military tensions in the Middle East.

The California Department of Financial Protection and Innovation (DFPI) and the New York Department of Financial Services (NYDFS) both issued warnings this month, urging heightened vigilance.

Christina Tetreault, a deputy commissioner with the DFPI, confirmed at a recent industry event that “financial institutions are a target” as Iran-linked groups vow to strike entities tied to U.S. and Israeli interests, Banking Dive reported.

While the banking sector has experience defending against ransomware, the emerging “wiper” threat presents a more difficult challenge, according to Jonathan Goldberger, CEO of SecureGovernComply. Unlike ransomware groups that lock data to extort a fee, state-affiliated actors like the Iran-linked Handala group appear more interested in permanent destruction.

This shift was underscored by a severe attack on Michigan-based medical technology firm Stryker last week. The breach, which Handala claimed, reportedly used Microsoft Intune to issue remote-wipe commands across the company’s global network, affecting more than 200,000 systems and mobile devices. Rather than demanding payment, the attackers left defaced login pages and a manifesto.

When the goal is to erase data rather than hold it for ransom, traditional recovery strategies, which often assume an eventual return of access, may not work. Fitch Ratings recently warned that these nation-state actors are increasingly targeting key elements of the global economy to distribute their message.

Goldberger said Handala is known for using sophisticated phishing campaigns. They often impersonate trusted cybersecurity vendors or internal IT services to trick employees into clicking malicious links or downloading “security updates.”

Once a single employee falls for a phishing hook, the attackers don’t always strike immediately. They may lie low for months, moving through the network to gain administrative access.

Goldberger shared three types of phishing scams companies should be on guard against:

  • The “Urgent” Security Update: Be wary of emails or pop-ups claiming you need to install a “mandatory security patch” immediately, especially if it asks for your login credentials.
  • Impersonating Large Corporations: Attackers often masquerade as well-known brands (like Microsoft, CrowdStrike, or even internal HR) to lower your guard.
  • Unexpected MFA Prompts: If your phone asks you to approve a login you didn’t initiate, someone may have already stolen your password and is trying to bypass your last line of defense. Deny the request and report it.

Additionally, in its alert to regulated entities, the NYDFS suggested companies should, among other actions:

  • Promptly identify and remediate known vulnerabilities, including through monitoring authoritative sources such as the Known Exploited Vulnerabilities Catalog.
  • Prepare for disruptive and destructive cybersecurity incidents by reviewing and testing operational resilience procedures to protect and restore critical functions, information systems, and nonpublic information.
  • Enhance monitoring for suspicious and unauthorized activity on information systems.
  • Ensure user and service account privileges for accessing and maintaining information systems, including web servers and databases, follow the principle of least privilege.

ACA’s Take

ACA has a partnership with SecureGovernComply, which is a member of our Alliance ACA program. SecureGovernComply provides cost-conscious enterprise-grade cybersecurity, information technology and compliance solutions for small and mid-size businesses. ACA members get discounted rates on security products and a free cybersecurity audit, among other benefits.

Additionally, Collectors Insurance Agency Inc. (CIA), a subsidiary of ACA, has partnered with Coalition, a leading cyber insurance provider that can proactively reduce cyber risks for ACA member companies. Coalition offers a comprehensive cyber risk management platform that helps clients detect, assess, and mitigate cyber threats throughout the life of a cyber insurance policy.

Coalition has demonstrated success in reducing claims frequency by 73% compared to the industry average. This active risk management approach involves partnering with policyholders to minimize risks throughout the policy lifecycle, rather than waiting for claims to occur.

ACA members interested in learning more about Coalition’s cyber insurance offerings through Collectors Insurance Agency can contact CIA at collectorsinsurance@acainternational.org or 952-928-8000 (ext. 4).
