On January 4, 2020, the Department of Homeland Security released a bulletin warning Americans to prepare for potential cyber attacks sponsored by Iran. This alert came in light of promises of retaliation made by Iran and its allies against the US for the killing of Islamic Revolutionary Guard Corps (IRGC) Quds Force commander, Qassem Soleimani, on January 2. The primary concern is Iran’s ability – and willingness – to conduct open cyberwarfare and the long-term effects it could have.
Fallout from Iraq Drone Strike and Historical Tensions
Already there have been several recorded attacks against web properties and critical databases, some blatantly pointing to Iranian culprits and some still suspected of it. Iran has a history of going after US and allied targets during periods of tension through either intermediaries or their own internal cyberwarfare forces.
Iran’s Hacking Capabilities
Ever since falling victim to a cyber virus itself, Iran has worked hard to pursue a cyberwarfare strategy. Through a network of IRGC units, state-sponsored “hacktivists” and outsourced contractors, Iran has augmented its espionage activities with a cyber component responsible for hundreds to thousands of attacks over the past decade.
Though not thought to be as advanced as their Russian or Chinese counterparts, Iranian hackers have managed to carry out significant strikes against various targets and have been accused of many more. Even recently, multiple other cyber attacks attributed to Iran or their surrogates have occurred all over the world, with confirmed breaches in Bahrain, Europe, and the US.
The Cyber Cold War Landscape in 2020
A state of Cyber Cold War has existed between the US and Iran for at least a decade, with the former widely suspected of taking part in the Stuxnet infection and the latter attempting to retaliate ever since. However, the new age of cyberwarfare is complicated by the ‘Wild West’ nature of the Web. There is a much greater level of plausible deniability with cyber attacks than traditional kinetic warfare or physical espionage.
This allows any country – or group – to avoid open conflict while still pursuing its objectives, perhaps even disguising itself as another potential bad actor, as Iran experienced with its own ostensible ally, Russia. Another example would be the cascade of cyber attacks Israel claimed were attempted against its airport system during the World Holocaust Forum. Israeli cybersecurity professionals were able to trace the attacks back to Iran, as well as Russia, China, North Korea and Poland.
Given the list of countries involved, including some whose leaders would have been affected if the attacks were successful, it is hard to pin down the exact culprits or even their true purpose. It could just as easily have been cyber spies as anti-Semitic terrorists, and there is no telling whether this was coordinated or just a random assortment of hackers.
What to Expect From Iranian or Other Nation-State Hackers
Planning an effective cyber attack takes time, skill and patience. Most of Iran’s successful hacks succeeded because of a mix of weak victim cybersecurity controls and luck on the Iranians’ part. Some of those successes even came about by mistake, and the only clear objective has been to humiliate rivals and enemies, which has limited the damage in most cases.
However, this could prove to be a double-edged sword: if Iran ever decided there was nothing to lose, it could target as many poorly defended endpoints as possible. Though their cyberwarfare arsenal includes various tools, Iranian hackers have shown proficiency with malware, especially with “data wipers” and ransomware. This means that they could potentially decide to begin overwhelming targets with weaker cybersecurity by destroying or locking down data to cause financial damage or even generate revenue for themselves.
Prepare Your Data Against Incoming Cyber Threats
The reality of the digital age is that data has become a valuable commodity, and governments and cybercriminals alike are discovering ways to capture it for their own interests. If your business is ever caught in the crossfire of international tensions, your data will be the first thing exposed – unless you ensure you have cybersecurity controls in place.