Iran may turn to cyber war

  • 27 June 2019
  • NormanL

While tensions with Iran continue to run high, it's important to understand that the Persian Gulf isn't the only field of concern. According to this report, the Department of Homeland Security is warning Iran could be mounting a wide-ranging cyber war against public and private targets:

...the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

In a statement issued on Saturday, June 22, CISA Director Christopher C. Krebs said:

CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. Iranian regime actors and proxies are increasingly using destructive "wiper" attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

Krebs urged businesses and agencies to take steps to improve their security hygiene, including implementing multi-factor authentication for user credentials to prevent brute-force attempts to connect to exposed network and cloud applications.

That's pretty scary. And evidence strongly suggests Iran has conducted such operations before:

There have been allegations of Iranian-backed wiper attacks in the past—the most infamous of which is Shamoon, a family of malware that first emerged in an attack against Saudi Aramco in August of 2012.

Shamoon, which in its first outing took down approximately 30,000 workstations, was launched after a state-sponsored wiper attack against Iran in April of that year. It's believed to be connected to the same state-sponsored development team that built the Stuxnet malware that attacked Iranian nuclear labs. Tied to the suspected Iranian "threat group" APT33, Shamoon was refreshed for another attack against multiple Saudi targets in December 2016.

Other wiper attacks from Iran have been somewhat less sophisticated. In January of 2014 after Las Vegas Sands Corp. majority owner Sheldon Adelson called for a nuclear attack on Iran, Iranian hacktivists used a Visual Basic-based malware attack to wipe the drives of Sands' computers.

Most other recent Iran-attributed attacks have focused on data theft—including attacks focused on aviation and energy companies. In 2015, a group tied to the Iranian Revolutionary Guard Corps used spear-phishing attacks to compromise computers at the US State Department, stealing data that may have led to the arrest of multiple Iranians holding dual US citizenship. Other attacks attributed to Iran have focused on taking down Web servers at financial institutions.

Increasingly, the battlefields between nations are not based on land or sea, but online. The federal government has a mixed record of securing its data from hackers, as does the U.S. private sector. Both should heed the DHS warnings and beef up their security now.