Cyber-warnings, cyber-speculation over cyber-Iran's cyber-retaliation cyber-plans post-Soleimani assassination

Experts reckon regional infrastructure is in the cross-hairs

With tensions soaring between America and Iran following the drone strike that killed top Persian general Qassem Soleimani, experts are weighing in on what the US could face should the Mid-East nation fully mobilize its cyber resources.

The threat of an online attack from the wannabe-nuclear state was significant enough that over the weekend the US Department of Homeland Security's National Terrorism Advisory System posted a seemingly dire alert [PDF] outlining the capabilities of Tehran's hackers.

"Iran maintains a robust cyber program and can execute cyber attacks against the United States," Uncle Sam warned.

"Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States. Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of US-based targets."

While Iran has previously targeted things like energy and oil plants with months-long hacking campaigns, the nation's ability to spark nationwide damage and panic in the US is in doubt, according to experts.

Rather, they believe, Iranian computer-security offensives would probably look more like attacks restricted to specific, limited geographical regions. Of course, a region like New York City is home to millions of people, so it's not a threat that can be ignored – though it's nothing to lose your mind over.

"If an attack were to occur, the impacts would likely be limited and local," said Sergio Caltagirone, veep of threat intelligence at infosec outfit Dragos. "Industrial infrastructure worldwide is resilient but also underprepared to defend itself. We need to do more, but fear less."

That is not to say that Iran would not be capable of wrecking or disrupting equipment remotely. FireEye director of intelligence analysis John Hultquist noted to The Register that the Mid-East country's tendency to use wiper malware infections has been particularly effective against industrial control systems.

"Iran has leveraged wiper malware in destructive attacks on several occasions in recent years," Hultquist said. "Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations."

In short, there is a real and significant threat of attacks from Iran on industrial infrastructure, though we're not likely to see anything like a sustained, widespread crippling of critical systems.

Then, there is the information warfare threat. While the defacement attacks spotted thus far have been dismissed as the work of private groups of unsophisticated "script kiddies," Iran also maintains a formidable information warfare operation of its own.

The use of that network could take the form of widespread disinformation efforts, say experts.

"We are already seeing Iranian disinformation efforts by these networks surrounding [the Soleimani] strike, and the US should expect that Iranian influence efforts surrounding the US will increase over the coming days or weeks as political developments evolve," said FireEye senior manager of information operations analysis Lee Foster.

"There are many similarities and some differences between Iran’s tactics in this space and those of Russia, which has received the majority of public attention regarding state-directed information operations. Iran’s efforts, in general, have been more geographically widespread than Russia’s, being directed at audiences in most parts of the globe."

Regardless of their form, cyber-attacks from Iran are largely seen as inevitable, though at the same time are nothing to panic over. Rather, admins should maintain a close eye on their networks, particularly incoming connections, and follow best security practices, particularly for embedded and industrial systems. That means putting systems behind firewalls and limiting access, using air gaps, using non-default secure passwords and multi-factor authentication if possible, keeping up with patches, and so on.

Given the Iranians' fondness for software-wiping attacks, making sure backups are up to date wouldn't hurt either. ®
