Iran Likely To Retaliate With Cyberattacks

Iran is likely to respond with cyberattacks against Western businesses in response to the Trump administration's withdrawal from the nuclear deal, cybersecurity experts say. Recent research suggests attacks could come "within months, if not faster," according to security firm Recorded Future.
 
The research paints a detailed picture of how Iran uses contractors and universities to staff its offensive cyber-security operations, or hacking efforts, against foreign targets.
 
A former insider with knowledge of Iran's hacking operations said the attacks are likely to be launched by contractors and thus pose a greater risk of spinning out of control.
 
Recently, President Donald Trump announced the US would withdraw from the Iran nuclear deal, a pact of Western nations that pledged to lift economic sanctions against Iran in exchange for limiting its nuclear program. The UN's nuclear verification agency said Iran had complied with the agreement. Although there has been no evidence or intelligence to suggest a cyber-attack is in the works, researchers say they predict, based on Iran's past cyber activities, that retaliatory cyber-attacks are likely.
 
"We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyber-attacks by Iranian state-sponsored actors," said Priscilla Moriuchi, a former NSA analyst, now at Recorded Future.
 
"The Islamic Republic may utilise contractors that are less politically and ideologically reliable, and trusted, and as a result, could be more difficult to control," she said.
 
Countries allied with the US and Europe, like Saudi Arabia and Israel, are also at risk, the report said. Levi Gundert, who co-authored the research, told ZDNet the attacks will likely aim for "maximum impact," such as a malware attack rather than a denial-of-service attack. Much of the research is centered on Iran's long-known history of targeting Western businesses and governments with cyber-attacksin response to sanctions, largely because of how quickly the hackers could turn around an attack.
 
Tehran began strengthening its cyber capabilities following the Green Revolution, a period of intense protests in Iran against the incumbent government during the Arab Spring in 2009.  The government responded with a heavy crackdown, with an increased focus on cyber operations.
 
But some of the best hackers available were primarily young and financially driven, said the report. This led to mistrust and fears that the hackers could be bought by foreign intelligence agencies. According to the former insider, that led to a tiered trust system that centered Tehran's hacking efforts around a central team of trusted and ideologically aligned middle management that dishes out assignments to contractors, often pitting teams against each other, who get paid only when the work is completed. 
 
The government also uses compartmentalisation, giving one team an infiltration mission and using another to launch a remote code execution attack.
 
It's estimated that at least 50 organisations are competing for government hacking work, the research said, including contractors and universities to conduct hacking operations.
 
One such institution, Imam Hossein University, was sanctioned by the US Treasury for its connections to the Islamic Revolutionary Guard Corps (IRGC), Iran's military intelligence unit. But because some of Iran's best operators "are not always the most devout or loyal to the regime," the researchers warn they "could be more difficult to control." That may lead to the IRGC choosing a less ideologically driven contractor, capable of delivering a destructive attack in a short period of time, instead of a trusted and less politically driven contractor.
 
"It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed," the researchers said.  
 
Recorded Future isn't the only company warning of incoming Tehran-backed cyberattacks. Security firm FireEye warned that Iranian hackers were "probing Western critical infrastructure in multiple industries for future attack."
 
"These efforts did not entirely disappear with the agreement, but they did refocus on Iran's neighbors in the Middle East," said John Hultquist, FireEye's director of intelligence analysis, in an email to ZDNet.
 
"With the dissolution of the agreement, we anticipate that Iranian cyberattacks will once again threaten Western critical infrastructure," he said.
 
ZDNet
 
You Might Also Read:
 
Iran’s Cyber Capabilities:
 
The Resurgent Cyber Threat From Iran:
 
 
« Hacker Reveals What He’s Learned
Three Ways That Automation & Machine Learning Are Changing Data Centres »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Noventiq

Noventiq

Noventiq (the brandname of Softline Holding plc) is a leading global solutions and services provider in digital transformation and cybersecurity.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

Kahootz

Kahootz

Kahootz is a highly secure cloud collaboration platform helping teams to work together across organisations.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.

Cytomate

Cytomate

Cytomate is an AI-powered cybersecurity company specializing in security posture management and innovative threat intel.