Iran may launch “destructive” cyberattacks against the US, experts warn



The consequences of the U.S. killing Iran’s top general Qassim Suleimani could imminently spill over into cyberspace, experts and officials said after the deadly missile strike in Baghdad.

One senior cybersecurity official at the Department of Homeland Security, Christopher Krebs, warned American companies and government agencies to “pay close attention” to critical systems and “Iranian [tools, tactics, and procedures]” in the wake of the attack. 

While President Trump, who ordered the strike on Maj. Gen. Suleimani, is reportedly sending thousands more U.S. troops to the Middle East, cybersecurity experts warned that further conflict could happen online with far-reaching real-world consequences.

“Given the gravity of the operation last evening we are anticipating an elevated threat from Iranian cyberthreat actors,” said John Hultquist, the director of intelligence analysis at cybersecurity specialists FireEye. “We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment. We also anticipate disruptive and destructive cyberattacks against the private sphere.”

The warnings echoed previous alerts over the past three years as tensions between Washington and Tehran have escalated.

Exceptionally active

The United States and Iran are two of the most advanced, active, and capable hacking powers in the world, at the forefront of an era when hacking is regularly used by governments to accomplish important goals and shape geopolitics. Tensions between the two countries and their allies have produced a lengthy history of extraordinary cyberattacks in addition to traditional kinetic warfare.

Ten years ago, a suspected American-Israeli cyberattack against Iranian nuclear facilities was discovered by researchers after the worm mistakenly spread around the world. Known as Stuxnet, the US attack remains one of the most advanced and unprecedented hacking operations ever conducted.

Before the 2015 Iran nuclear deal was brokered between the US, Iran, Europe, Russia, and China, hackers from Iran regularly targeted American finance companies and critical infrastructure. Hultquist said that activity has been relatively limited since the deal—even though the U.S. pulled out of the agreement in May 2018—but he believes Iran’s relative restraint could be replaced by new operations after Suleimani’s killing.

Tehran may have slowed down on direct attacks against the United States, but it has been exceptionally active hacking throughout the Middle East for an entire decade. Saudi Arabia, Iran’s chief regional rival and one of America’s foremost allies, has been a repeated target. 

Within the last year, Iran and the US have repeatedly targeted one another in hacking operations. Iranian government hackers tried to breach President Trump’s reelection campaign. US Cyber Command reportedly hamstrung Iran’s paramilitary force during a period of high tensions earlier this year.

Potential retaliation

The strike has already increased tensions. Iran’s supreme leader Ayatollah Ali Khamenei vowed “a forceful revenge” for the killing of Suleimani, who was widely seen as the second most powerful man in Iran.

“In every modern conflict, cyber will play a role,” says Sergio Caltagirone, a former technical lead at the NSA who now works at the industrial cybersecurity firm Dragos. “Whether that’s a hidden role or an overt role, cyber will have a place, especially in operations that are as important as these for both countries. I fully expect cyber to play some role. What role it plays, how prominent it is, and whether anyone knows about it is a whole other question.”

Dragos sent an alert out today to its industrial customers with operations in the United States and Middle East warning of an increased likelihood of destructive cyberattacks. Saudi Arabia and Kuwait were identified as particularly likely targets given their long history of being on the receiving end of Iranian cyberattacks. (Full disclosure: A family member works for Dragos but was not involved in this report.)

Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, listed Iranian cyberattacks against American financial companies and critical infrastructure along with attacks against Saudi oil as potential retaliation from Tehran. 

“We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously,” Hultquist said. “In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”

The increased threat of conflict between Iran and the United States could have drastic and potentially deadly consequences.

“My biggest concern is the humanitarian cost to it all,” says Caltagirone. “When countries pull cyber triggers to conduct cyber effects, a lot of the times it’s against civilian targets rather than military targets. Right now it looks like civilians and innocent people all around the world, including Iranians, Americans, and Saudis, will bear the brunt of impact of these attacks. That’s the saddest part of all of this: States are in conflict but civilians feel the consequences.”

