Iran's Cutting Edge Cyberwar Capabilities

Uploaded on 2020-03-16 in INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

2020 has begun with political tension between the US and Iran. This has the real possibility that Iran will respond to this tension with a series of cyber strikes against both governments and business. Iran has already developed some very destructive malware and now has the capacity to hack and destroy the integrity of data and systems.

Security experts and federal officials warn that Iran could target the military another way, through potentially vulnerable defense contractors. It now has the skills and technical acumen to conduct attacks against its enemies  across numerous sectors, including energy, financial services, and critical national infrastructure.

An Israeli cybersecurity firm has identified a new type of ransomware that it believes was created by Iran and has the ability to lock up or even delete industrial control systems. Tel Aviv-based Otorio, a cybersecurity firm which specialises in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. It also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Iranian intelligence services and other organisations they are backing are monitoring hotels, the travel industry and phone calls to carry out surveillance on individuals through the data they collect. This has the potential aim to possibly cause physical harm to these individuals, a cybersecurity expert warned a gathering of officials and entrepreneurs in Tel Aviv recently.

Organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Geopolitics in Cyberspace

Even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace. It has ushered in an era of destructive attacks that could, for example, be used to influence the 2020 US elections. Geopolitical tensions have the serious potential to explode in cyberspace and domestic terrorism will manifest here as well. We are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.

Malware Continues to be a Major Threat

Outside of geopolitical conflict and terrorism, research has found that malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019.

UK Threat Report was published in October 2019 which said that one in five businesses (21%) reported seeing custom malware attacks most frequently and 10% cited commodity malware. It means that 31% of businesses reported malware to be the most witnessed attack type.

This research aims to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks along with the financial and reputational impact any breaches have had on organisations.

In terms of the prime cause of successful breaches, humans are proving to be the weakest link in the cyber defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33%) of respondents affected. Ransomware took second place with 20% of businesses citing this as the primary cause.

The Rise of Cloud-Jacking and Island Hopping

Cloud-jacking and subsequent island hopping will become a more common practice in 2020. Attackers are looking to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well, as new-fangled techniques for hypervisor escapes.

We will also see an increase in mobile root kits. These allow hackers to gain full control over a victim’s device.  
Rootkits give hackers control over other people’s mobile devices allowing them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device. This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.

Access mining as a service will also grow. Cyber criminals are already seeing the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.

And, virtual home invasions of well-known public figures, celebrities, CEOs and politicians will occur. Significant personalities, whether they be film stars, corporate executives, or politicians, will be hacked through the technology they’ve deployed in their homes, specifically through things like nest and others.

Businesses are Adapting to sustained Cyberattacks

The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks. Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber risks.

The report found that companies are tightening up on factors that they can control such as process weaknesses. While 84% reported being breached in the past 12 months and 90% saw an increase in attack sophistication, 76% of companies said they are more confident that they can repel cyberattacks today than they were a year ago.

For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected. To this point 90% of the companies that we surveyed said threat hunting had strengthened their defences.

Likewise, there is a sustained level of investment with 93% planning to increase their spending on cybersecurity. This demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.

2020 is the Age of Cyber Warfare

Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie. This situation heightens awareness for all businesses who must be extra vigilant against such threats.

Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems.

They should be asking them: “Do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?”

Because this is not a question of if but when.

The age of cyber warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.

Former US officials and security experts have expressed concern that Iran may be considering a cyber-attack against the US or its allies after an American airstrike in Baghdad killed Qassem Soleimani, the Iranian major general who led the Islamic Revolutionary Guard’s Quds force.
 
Iran holds an arsenal of malware, and Otorio said Snake was likely created before the general’s assassination.

Business Needs to be Aware

Iranian hackers are already using fake links within LinkedIn to get people to download malware and often employees don’t recognise that using social networks could potentially be a danger to their company, they get complacent.

If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it. There is a good chance that they can click from a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organisation.

Enterprise Times:      WorldOil:         Times Of Israel:     Radio Farda:      InformationSecurityBuzz

You Might Also Read:

Where Is Iran's Cyber Response To It's General's Assassination?:

 

 

 

 

« UK Government: Mobile Devices Lost & Stolen
Business Has Increased Cyber Security But Lacks Cyber Training »

Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

SaltDNA

SaltDNA

SaltDNA provides a solution for encrypted communications between mobile devices with full, centralized control for the enterprise.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

CyberLaw

CyberLaw

CyberLaw's world-class team of cyber security experts and legal practitioners offers unparalleled advice, consultancy and legal representation in the field of cyber security.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

AU10TIX

AU10TIX

AU10TIX harnesses the technology that enabled safe borders and airports, to transform the way businesses verify and authenticate their users.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.