Iran's Cutting Edge Cyberwar Capabilities

2020 has begun with political tension between the US and Iran. This has the real possibility that Iran will respond to this tension with a series of cyber strikes against both governments and business. Iran has already developed some very destructive malware and now has the capacity to hack and destroy the integrity of data and systems.

Security experts and federal officials warn that Iran could target the military another way, through potentially vulnerable defense contractors. It now has the skills and technical acumen to conduct attacks against its enemies  across numerous sectors, including energy, financial services, and critical national infrastructure.

An Israeli cybersecurity firm has identified a new type of ransomware that it believes was created by Iran and has the ability to lock up or even delete industrial control systems. Tel Aviv-based Otorio, a cybersecurity firm which specialises in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. It also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Iranian intelligence services and other organisations they are backing are monitoring hotels, the travel industry and phone calls to carry out surveillance on individuals through the data they collect. This has the potential aim to possibly cause physical harm to these individuals, a cybersecurity expert warned a gathering of officials and entrepreneurs in Tel Aviv recently.

Organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Geopolitics in Cyberspace

Even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace. It has ushered in an era of destructive attacks that could, for example, be used to influence the 2020 US elections. Geopolitical tensions have the serious potential to explode in cyberspace and domestic terrorism will manifest here as well. We are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.

Malware Continues to be a Major Threat

Outside of geopolitical conflict and terrorism, research has found that malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019.

UK Threat Report was published in October 2019 which said that one in five businesses (21%) reported seeing custom malware attacks most frequently and 10% cited commodity malware. It means that 31% of businesses reported malware to be the most witnessed attack type.

This research aims to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks along with the financial and reputational impact any breaches have had on organisations.

In terms of the prime cause of successful breaches, humans are proving to be the weakest link in the cyber defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33%) of respondents affected. Ransomware took second place with 20% of businesses citing this as the primary cause.

The Rise of Cloud-Jacking and Island Hopping

Cloud-jacking and subsequent island hopping will become a more common practice in 2020. Attackers are looking to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well, as new-fangled techniques for hypervisor escapes.

We will also see an increase in mobile root kits. These allow hackers to gain full control over a victim’s device.  
Rootkits give hackers control over other people’s mobile devices allowing them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device. This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.

Access mining as a service will also grow. Cyber criminals are already seeing the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.

And, virtual home invasions of well-known public figures, celebrities, CEOs and politicians will occur. Significant personalities, whether they be film stars, corporate executives, or politicians, will be hacked through the technology they’ve deployed in their homes, specifically through things like nest and others.

Businesses are Adapting to sustained Cyberattacks

The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks. Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber risks.

The report found that companies are tightening up on factors that they can control such as process weaknesses. While 84% reported being breached in the past 12 months and 90% saw an increase in attack sophistication, 76% of companies said they are more confident that they can repel cyberattacks today than they were a year ago.

For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected. To this point 90% of the companies that we surveyed said threat hunting had strengthened their defences.

Likewise, there is a sustained level of investment with 93% planning to increase their spending on cybersecurity. This demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.

2020 is the Age of Cyber Warfare

Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie. This situation heightens awareness for all businesses who must be extra vigilant against such threats.

Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems.

They should be asking them: “Do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?”

Because this is not a question of if but when.

The age of cyber warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.

Former US officials and security experts have expressed concern that Iran may be considering a cyber-attack against the US or its allies after an American airstrike in Baghdad killed Qassem Soleimani, the Iranian major general who led the Islamic Revolutionary Guard’s Quds force.
 
Iran holds an arsenal of malware, and Otorio said Snake was likely created before the general’s assassination.

Business Needs to be Aware

Iranian hackers are already using fake links within LinkedIn to get people to download malware and often employees don’t recognise that using social networks could potentially be a danger to their company, they get complacent.

If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it. There is a good chance that they can click from a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organisation.

Enterprise Times:      WorldOil:         Times Of Israel:     Radio Farda:      InformationSecurityBuzz

You Might Also Read:

Where Is Iran's Cyber Response To It's General's Assassination?:

 

 

 

 

« UK Government: Mobile Devices Lost & Stolen
Business Has Increased Cyber Security But Lacks Cyber Training »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Nettitude

Nettitude

Nettitude, an LRQA company, is an awards winning provider of cyber security, compliance, infrastructure and incident response services.

TEISS Recruitment

TEISS Recruitment

TEISS Recruitment is a specialist in providing contract, permanent and temporary recruitment services to the cyber and information security sector.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.