Iran's Cutting Edge Cyberwar Capabilities

2020 has begun with political tension between the US and Iran. This has the real possibility that Iran will respond to this tension with a series of cyber strikes against both governments and business. Iran has already developed some very destructive malware and now has the capacity to hack and destroy the integrity of data and systems.

Security experts and federal officials warn that Iran could target the military another way, through potentially vulnerable defense contractors. It now has the skills and technical acumen to conduct attacks against its enemies  across numerous sectors, including energy, financial services, and critical national infrastructure.

An Israeli cybersecurity firm has identified a new type of ransomware that it believes was created by Iran and has the ability to lock up or even delete industrial control systems. Tel Aviv-based Otorio, a cybersecurity firm which specialises in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. It also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Iranian intelligence services and other organisations they are backing are monitoring hotels, the travel industry and phone calls to carry out surveillance on individuals through the data they collect. This has the potential aim to possibly cause physical harm to these individuals, a cybersecurity expert warned a gathering of officials and entrepreneurs in Tel Aviv recently.

Organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Geopolitics in Cyberspace

Even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace. It has ushered in an era of destructive attacks that could, for example, be used to influence the 2020 US elections. Geopolitical tensions have the serious potential to explode in cyberspace and domestic terrorism will manifest here as well. We are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.

Malware Continues to be a Major Threat

Outside of geopolitical conflict and terrorism, research has found that malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019.

UK Threat Report was published in October 2019 which said that one in five businesses (21%) reported seeing custom malware attacks most frequently and 10% cited commodity malware. It means that 31% of businesses reported malware to be the most witnessed attack type.

This research aims to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks along with the financial and reputational impact any breaches have had on organisations.

In terms of the prime cause of successful breaches, humans are proving to be the weakest link in the cyber defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33%) of respondents affected. Ransomware took second place with 20% of businesses citing this as the primary cause.

The Rise of Cloud-Jacking and Island Hopping

Cloud-jacking and subsequent island hopping will become a more common practice in 2020. Attackers are looking to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well, as new-fangled techniques for hypervisor escapes.

We will also see an increase in mobile root kits. These allow hackers to gain full control over a victim’s device.  
Rootkits give hackers control over other people’s mobile devices allowing them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device. This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.

Access mining as a service will also grow. Cyber criminals are already seeing the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.

And, virtual home invasions of well-known public figures, celebrities, CEOs and politicians will occur. Significant personalities, whether they be film stars, corporate executives, or politicians, will be hacked through the technology they’ve deployed in their homes, specifically through things like nest and others.

Businesses are Adapting to sustained Cyberattacks

The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks. Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber risks.

The report found that companies are tightening up on factors that they can control such as process weaknesses. While 84% reported being breached in the past 12 months and 90% saw an increase in attack sophistication, 76% of companies said they are more confident that they can repel cyberattacks today than they were a year ago.

For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected. To this point 90% of the companies that we surveyed said threat hunting had strengthened their defences.

Likewise, there is a sustained level of investment with 93% planning to increase their spending on cybersecurity. This demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.

2020 is the Age of Cyber Warfare

Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie. This situation heightens awareness for all businesses who must be extra vigilant against such threats.

Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems.

They should be asking them: “Do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?”

Because this is not a question of if but when.

The age of cyber warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.

Former US officials and security experts have expressed concern that Iran may be considering a cyber-attack against the US or its allies after an American airstrike in Baghdad killed Qassem Soleimani, the Iranian major general who led the Islamic Revolutionary Guard’s Quds force.
 
Iran holds an arsenal of malware, and Otorio said Snake was likely created before the general’s assassination.

Business Needs to be Aware

Iranian hackers are already using fake links within LinkedIn to get people to download malware and often employees don’t recognise that using social networks could potentially be a danger to their company, they get complacent.

If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it. There is a good chance that they can click from a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organisation.

Enterprise Times:      WorldOil:         Times Of Israel:     Radio Farda:      InformationSecurityBuzz

You Might Also Read:

Where Is Iran's Cyber Response To It's General's Assassination?:

 

 

 

 

« UK Government: Mobile Devices Lost & Stolen
Business Has Increased Cyber Security But Lacks Cyber Training »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Razorpoint Cybersecurity

Razorpoint Cybersecurity

Razorpoint’s world-class security experts have provided advanced, effective cybersecurity expertise to corporate and public-sector organizations around the world.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.

Graphiant

Graphiant

Graphiant’s Data Assurance service gives businesses end-to-end control and visibility into how data travels throughout the entire business network.

QuantumGate

QuantumGate

QuantumGate are a team of world-class cryptographers, cybersecurity professionals and researchers. We help organizations protect their data assets in a post-quantum world.