Cyber-warnings, cyber-speculation over cyber-Iran's cyber-retaliation cyber-plans post-Soleimani assassination

Experts reckon regional infrastructure is in the cross-hairs


With tensions soaring between America and Iran following the drone strike that killed top Persian general Qassem Soleimani, experts are weighing in on what the US could face should the Mid-East nation fully mobilize its cyber resources.

The threat of an online attack from the wannabe-nuclear state was significant enough that over the weekend the US Department of Homeland Security's National Terrorism Advisory System posted a seemingly dire alert [PDF] outlining the capabilities of Tehran's hackers.

"Iran maintains a robust cyber program and can execute cyber attacks against the United States," Uncle Sam warned.

"Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States. Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of US-based targets."

While Iran has previously targeted things like energy and oil plants with months-long hacking campaigns, the nation's ability to spark nationwide damage and panic in the US is in doubt, according to experts.

Rather, they believe, Iranian computer-security offensives would probably look more like attacks restricted to specific limited geographical regions. Of course, a region like New York City is home to millions of people, so it's not a threat that can be ignored – though it's nothing to lose your mind over.

"If an attack were to occur, the impacts would likely be limited and local," said Sergio Caltagirone, veep of threat intelligence at infosec outfit Dragos. "Industrial infrastructure worldwide is resilient but also underprepared to defend itself. We need to do more, but fear less."

That is not to say that Iran would not be capable of wrecking or disrupting equipment remotely. FireEye director of intelligence analysis John Hultquist noted to The Register that the Mid-East country's tendency to use wiper malware infections has been particularly effective against industrial control systems.

"Iran has leveraged wiper malware in destructive attacks on several occasions in recent years," Hultquist said. "Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations."

In short, there is a real and significant threat of attacks from Iran on industrial infrastructure, though we're not likely to see anything like a sustained, widespread crippling of critical systems.

Then, there is the information warfare threat. While the defacement attacks spotted thus far have been dismissed as the work of private groups of unsophisticated "script kiddies," Iran also maintains a formidable information warfare operation of its own.


The use of that network could take the form of widespread disinformation efforts, say experts.

"We are already seeing Iranian disinformation efforts by these networks surrounding [the Soleimani] strike, and the US should expect that Iranian influence efforts surrounding the US will increase over the coming days or weeks as political developments evolve," said FireEye senior manager of information operations analysis Lee Foster.

"There are many similarities and some differences between Iran’s tactics in this space and those of Russia, which has received the majority of public attention regarding state-directed information operations. Iran’s efforts, in general, have been more geographically widespread than Russia’s, being directed at audiences in most parts of the globe."

Regardless of their form, cyber-attacks from Iran are largely seen as inevitable, though at the same time are nothing to panic over. Rather, admins should maintain a close eye on their networks, particularly incoming connections, and follow best security practices, particularly for embedded and industrial systems. That means putting systems behind firewalls and limiting access, using air gaps, using non-default secure passwords and multi-factor authentication if possible, keeping up with patches, and so on.

Given the Iranians' fondness for software wiping attacks, making sure backups are up to date wouldn't hurt either. ®
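The advice above to keep a close eye on incoming connections, limit access to embedded and industrial systems and put them behind firewalls boils down to a simple check: which outside hosts are reaching industrial-protocol ports on the OT segment? The script below is an added example (not from the article, Dragos or FireEye) of that check run over a handful of constructed firewall-log lines. The log format, the address ranges, the allowlist and the port-to-protocol table are all assumptions chosen for the illustration; a real deployment would map them to its own firewall's log syntax and network plan.

```python
"""Flag inbound connections to industrial-protocol ports on an OT segment
that do not come from an allowlisted source.

Added example, not code from the article. Everything below is an assumption:
the log line format, the OT subnet, the allowlist and the port table.
Assumed line format:
    <timestamp> <ACCEPT|DROP> <TCP|UDP> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
"""
import ipaddress
import re
from collections import Counter

# Ports used by common industrial protocols (assumed table for this example).
ICS_PORTS = {
    502: "Modbus/TCP",
    102: "S7comm",
    44818: "EtherNet/IP",
    20000: "DNP3",
    47808: "BACnet/IP",
}

# Constructed network plan: only the engineering-workstation subnet may reach
# the OT segment. Anything else hitting an ICS port is worth a look.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.5.0/24")]
OT_SEGMENT = ipaddress.ip_network("192.168.100.0/24")

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_allowed_source(ip):
    """True if the source address sits inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def classify(rec):
    """Return a finding string for a suspicious inbound ICS connection, else None.

    An ACCEPTed connection from outside the allowlist is HIGH (the firewall
    let it through); a DROPped one is MEDIUM (blocked, but someone is probing).
    """
    if rec is None:
        return None
    if ipaddress.ip_address(rec["dst"]) not in OT_SEGMENT:
        return None
    if rec["dport"] not in ICS_PORTS:
        return None
    if is_allowed_source(rec["src"]):
        return None
    severity = "HIGH" if rec["action"] == "ACCEPT" else "MEDIUM"
    proto_name = ICS_PORTS[rec["dport"]]
    return f"{severity}: {rec['src']} -> {rec['dst']}:{rec['dport']} ({proto_name}) {rec['action']}"


def scan(lines):
    """Run the check over an iterable of log lines and return the findings."""
    return [f for f in (classify(parse_line(line)) for line in lines) if f]


def offending_sources(lines):
    """Count findings per source address, to see who is knocking most often."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if classify(rec):
            counts[rec["src"]] += 1
    return counts


# Constructed sample log (addresses from documentation ranges, not real hosts).
SAMPLE_LOG = [
    "2020-01-06T02:14:11Z ACCEPT TCP 10.10.5.12:51234 -> 192.168.100.20:502",   # allowlisted
    "2020-01-06T02:15:03Z ACCEPT TCP 203.0.113.45:40211 -> 192.168.100.20:502", # HIGH
    "2020-01-06T02:15:09Z DROP TCP 203.0.113.45:40212 -> 192.168.100.21:102",   # MEDIUM
    "2020-01-06T02:16:00Z ACCEPT TCP 198.51.100.7:33000 -> 192.168.100.50:443", # not an ICS port
    "2020-01-06T02:16:30Z ACCEPT TCP 203.0.113.45:40213 -> 192.168.1.10:502",   # not the OT segment
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(offending_sources(SAMPLE_LOG))
```

The script deliberately treats a dropped probe as a finding too: a blocked connection to a PLC port from an unknown address is exactly the early warning the article's advice is meant to surface, and it is cheap to alert on before the firewall rule that blocked it is ever misconfigured.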



Biting the hand that feeds IT © 1998–2022