Iran Likely To Retaliate With Cyberattacks

Iran is likely to respond with cyberattacks against Western businesses in response to the Trump administration's withdrawal from the nuclear deal, cybersecurity experts say. Recent research suggests attacks could come "within months, if not faster," according to security firm Recorded Future.
 
The research paints a detailed picture of how Iran uses contractors and universities to staff its offensive cyber-security operations, or hacking efforts, against foreign targets.
 
A former insider with knowledge of Iran's hacking operations said the attacks are likely to be launched by contractors and thus pose a greater risk of spinning out of control.
 
Recently, President Donald Trump announced the US would withdraw from the Iran nuclear deal, a pact of Western nations that pledged to lift economic sanctions against Iran in exchange for limiting its nuclear program. The UN's nuclear verification agency said Iran had complied with the agreement. Although there has been no evidence or intelligence to suggest a cyber-attack is in the works, researchers say they predict, based on Iran's past cyber activities, that retaliatory cyber-attacks are likely.
 
"We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyber-attacks by Iranian state-sponsored actors," said Priscilla Moriuchi, a former NSA analyst, now at Recorded Future.
 
"The Islamic Republic may utilise contractors that are less politically and ideologically reliable, and trusted, and as a result, could be more difficult to control," she said.
 
Countries allied with the US and Europe, like Saudi Arabia and Israel, are also at risk, the report said. Levi Gundert, who co-authored the research, told ZDNet the attacks will likely aim for "maximum impact," such as a malware attack rather than a denial-of-service attack. Much of the research is centered on Iran's long-known history of targeting Western businesses and governments with cyber-attacksin response to sanctions, largely because of how quickly the hackers could turn around an attack.
 
Tehran began strengthening its cyber capabilities following the Green Revolution, a period of intense protests in Iran against the incumbent government during the Arab Spring in 2009.  The government responded with a heavy crackdown, with an increased focus on cyber operations.
 
But some of the best hackers available were primarily young and financially driven, said the report. This led to mistrust and fears that the hackers could be bought by foreign intelligence agencies. According to the former insider, that led to a tiered trust system that centered Tehran's hacking efforts around a central team of trusted and ideologically aligned middle management that dishes out assignments to contractors, often pitting teams against each other, who get paid only when the work is completed. 
 
The government also uses compartmentalisation, giving one team an infiltration mission and using another to launch a remote code execution attack.
 
It's estimated that at least 50 organisations are competing for government hacking work, the research said, including contractors and universities to conduct hacking operations.
 
One such institution, Imam Hossein University, was sanctioned by the US Treasury for its connections to the Islamic Revolutionary Guard Corps (IRGC), Iran's military intelligence unit. But because some of Iran's best operators "are not always the most devout or loyal to the regime," the researchers warn they "could be more difficult to control." That may lead to the IRGC choosing a less ideologically driven contractor, capable of delivering a destructive attack in a short period of time, instead of a trusted and less politically driven contractor.
 
"It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed," the researchers said.  
 
Recorded Future isn't the only company warning of incoming Tehran-backed cyberattacks. Security firm FireEye warned that Iranian hackers were "probing Western critical infrastructure in multiple industries for future attack."
 
"These efforts did not entirely disappear with the agreement, but they did refocus on Iran's neighbors in the Middle East," said John Hultquist, FireEye's director of intelligence analysis, in an email to ZDNet.
 
"With the dissolution of the agreement, we anticipate that Iranian cyberattacks will once again threaten Western critical infrastructure," he said.
 
ZDNet
 
You Might Also Read:
 
Iran’s Cyber Capabilities:
 
The Resurgent Cyber Threat From Iran:
 
 
« Hacker Reveals What He’s Learned
Three Ways That Automation & Machine Learning Are Changing Data Centres »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Assure Technical

Assure Technical

Assure Technical offers a holistic approach to Technical Security. Our expertise and services span across the Physical, Cyber and Counter Surveillance domains.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.