The United States has had a protracted adversarial relationship with Iran dating back to the end of the Islamic Revolution in 1979. In 2010, the U.S. and Israel infected computers running Iran’s nuclear program with the Stuxnet virus in an attempt to slow Iran’s progress toward nuclear capability. Since that time, the adversarial relationship has increasingly played out in cyberspace. Iran has invested heavily in developing a robust cyber-warfare program headed by the Islamic Revolutionary Guard Corps to conduct attacks on the national interests of the USA and its allies.
Because of increasing global tensions and their drive to exact revenge on the United States, cyber terrorism designed to disrupt American interests is likely to escalate.
In relation to the threat of Iranian cyber-attacks, a recent Department of Homeland Security alert stated that “An attack in the homeland may come with little or no warning.” Indeed, as of the time of writing, reports are coming in from Texas and Las Vegas of cyber-attack activity associated with the increased tensions, and this is only the tip of the iceberg…
Iran-inspired cyber-attacks will come not from Iran alone but will also be perpetrated by a myriad of proxies that Iran funds such as:
- Hezbollah in Lebanon
- Certain Shiite Militias in Iraq
- Houthis in Yemen
- Foreign Fighters in Syria
- Sympathetic Hacking Groups Worldwide
Iran has the capability to reach out and disrupt with plausible deniability – or at least without their direct fingerprints on the hacker’s keyboards.
One of these groups recently defaced the website of the U.S. Federal Depository Library Program. On the site’s homepage, along with objectionable images, they wrote, “Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran’s cyber ability! We’re always ready.”
Political scientist at the RAND think tank, Ariane Tabatabai stated, “If (Iran is) going to be able to match the US, and compete with and deter it, it has to do it in a realm that’s more equal, and that’s cyber.”
Why Cybersecurity Attacks?
Cyberterrorism is a relatively new tool in the arsenal of Iran and its proxies. The internet has changed both their reach and the vulnerability of the USA and its allies. Unfortunately, the cyber-attack capacity of Iran and its proxies is not a theoretical concept. They have reached across the ocean to attack financial institutions, news organizations, and even corporations that have spoken out against the Iranian regime.
The great advantage of cyber-intrusion for the Iranians is that they can work through their proxies and have some measure of deniability. Because Iran cannot take the risk of a kinetic response from the USA, they must work with the tool of cyber-attacks and through their proxies.
In an interview with Wired, Peter Singer, a cybersecurity strategist at New America Foundation, stated, “They (Iran) have the capability to cause serious damage.”
What is Iran’s Cyber-Warfare Division After?
To make up for the crippling sanctions imposed upon Iran by the international community, Iran’s Cyber-Warfare division is involved in everything from phishing scams to ransomware attacks – just to get some cash flow. More recently, the motive has broadened to disruption itself – causing trouble for trouble’s sake.
In relation to attacks on US companies, it is important to note that most large corporations have been hardening their cybersecurity defenses for years. As a result, Iran and its proxies are most likely to indiscriminately target small to mid-size businesses and local governments, which are softer targets because they have been slow to adopt managed IT security.
The following are the likely targets for both Iran’s Cyber-Warfare Division as well as its proxies:
- Industrial Control Systems
- Global Supply Chain (suppliers of US companies)
- Ports & Maritime Industry Utilities
- Local Governments and Government Agencies
What Leaders Should Know About Potential Cyber-Attacks Coming Out of Iran
The internet is global by nature, so very little limits the worldwide footprint of an Iranian cyber-attack.
Their Damage Potential
Depending upon the geopolitical situation at the time, many options are open to Iran and its cyber-war proxies. Here are some areas where they are likely to focus:
- Wiper Malware has been used in recent years to destroy the data of organizations ranging from the Saudi company Aramco to the casinos run by Las Vegas Sands Corporation.
- Cyber Intrusion by Iran and its proxies has been detected and dealt with at the Department of Energy and the US National Labs.
- Denial of Service Attacks have been leveraged by the Iranian regime and its partners to target USA banks.
- A Wide Array of Cyber-Attacks, such as email phishing, password spraying, credential stuffing, and targeting unpatched devices, has been used against USA business interests and nonprofits around the world.
Warnings from the US State and Federal Governments
The January 4th, 2020 DHS bulletin warns:
- Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.
The US Coast Guard Alert of Jan 4th, 2020 highlights the vulnerability of the 90% of worldwide goods that sail on container ships.
With engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access...
In order to improve the resilience of vessels and facilities, and to protect the safety of the waterways in which they operate, the U.S. Coast Guard strongly recommends that vessel and facility owners, operators and other responsible parties take the following basic measures to improve their cybersecurity:
- Segment Networks
- Per-user Profiles & Passwords
- Be Wary of External Media
- Install Basic Antivirus Software
- Don’t Forget to Patch
Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st century maritime environment.
The New York State Department of Financial Services warns of the increased risks to the financial services sector
There is currently a heightened risk of cyber-attacks from hackers affiliated with the Iranian government…. U.S. entities should prepare for the possibility of cyber-attacks… DFS therefore strongly recommends that all regulated entities heighten their vigilance against cyber-attacks.
What Leaders Should Be Doing Now to Protect Their Organizations from State-Sponsored Attacks
Although this is not a time for panic, it is imperative that organizational leaders take stock of their company’s or government’s cybersecurity profile and fortify where necessary. U.S. businesses and government organizations need to re-examine basic cybersecurity solutions, including:
- Cybersecurity Audits and Assessments
- Continuous Vulnerability Scanning and Penetration Testing
- Employee Cybersecurity Awareness Training & Phishing Simulations
- Managed and Maintained Cybersecurity Solutions
- Endpoint Security – Antivirus
- Security monitoring of devices and cloud environments
- Data Encryption
- Automated, offsite secure data backup
- Two-Factor Authentication
- Role-Based Access
- Automatic Updates, Upgrades, Patches
- Email Security
- WiFi Security
- Mobile Device Management
In addition, companies should contemplate taking the following actions today, at least until the increased threat subsides:
- Increasing the frequency of your backups of important data.
- Implementing multi-factor authentication, if you have not already done so.
- Increasing the frequency of password changes on your system.
- Moving up any plans to upgrade system security so that they are completed sooner.
- Increasing the logging functions on your system to better monitor activity.
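One thing the extra logging buys you is the ability to spot the password-spraying and credential-stuffing activity mentioned above: one source trying many different accounts a few times each, then a successful login for one of them. The script below is an added example, not code from the original post; it parses constructed sshd-style log lines, and its 30-minute window and five-account threshold are assumptions to tune to a site's normal failure rate.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the original post): 203.0.113.9 tries
# five accounts once each, then succeeds as dave; 192.0.2.25 is a normal login.
SAMPLE_LOG = """\
Jan 06 03:14:01 gw sshd[2101]: Failed password for alice from 203.0.113.9 port 51812 ssh2
Jan 06 03:14:03 gw sshd[2102]: Failed password for bob from 203.0.113.9 port 51813 ssh2
Jan 06 03:14:05 gw sshd[2103]: Failed password for invalid user carol from 203.0.113.9 port 51814 ssh2
Jan 06 03:14:07 gw sshd[2104]: Failed password for dave from 203.0.113.9 port 51815 ssh2
Jan 06 03:14:09 gw sshd[2105]: Failed password for erin from 203.0.113.9 port 51816 ssh2
Jan 06 03:31:40 gw sshd[2140]: Accepted password for dave from 203.0.113.9 port 51900 ssh2
Jan 06 08:00:00 gw sshd[2300]: Failed password for alice from 192.0.2.25 port 50000 ssh2
Jan 06 08:00:09 gw sshd[2301]: Accepted password for alice from 192.0.2.25 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def parse_auth_log(text):
    """Return time-ordered (timestamp, result, user, src_ip) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # year defaults to 1900; only time differences matter here
            events.append((datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["result"], m["user"], m["src"]))
    return sorted(events)

def detect_password_spray(events, window=timedelta(minutes=30), min_users=5):
    """Sources with failures against >= min_users distinct accounts inside one window (assumed thresholds)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev[1] == "Failed":
            by_src[ev[3]].append(ev)
    hits = {}
    for src, fails in by_src.items():
        for i, (t0, _, _, _) in enumerate(fails):  # slide a window starting at each failure
            users = {e[2] for e in fails[i:] if e[0] - t0 <= window}
            if len(users) >= min_users:
                hits[src] = sorted(users)
                break
    return hits

def logins_after_spray(events, spray_hits):
    """(user, src) pairs where a spraying source later authenticated successfully."""
    return sorted({(e[2], e[3]) for e in events if e[1] == "Accepted" and e[3] in spray_hits})
```

Any pair returned by `logins_after_spray` is an account to treat as compromised and reset, which is the kind of finding that is invisible when only failed logins are logged or only successes are reviewed.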