Iran's Cyberwar Response To Its General's Killing

Following the US assassination of General Qassem Soleimani (pictured) on Friday January 2nd by a deadly drone strike, it looks like the United States and Iran are at war. Over the following weekend, the cyber war began with threat actors defaced the website of the US Federal Depository Library Program (FDLP).  

This could be only  the first Iranian state-sponsored cyberattack in retaliation for the US drone strike that killed the  Iranian military commander at Baghdad airport in Iraq. The FDLP website was taken down after the defacement, which according to the DHS involved “pro-Iranian, anti-US messaging.” 

The US Department of Home Security (DHS) on Saturday 3rd issued a rare National Terrorism Advisory System (NTAS) alert warning about possible Iranian terror and cyber campaigns in retaliation for the US drone strike that killed Soleimani. He was the commander of the Quds Force, the extraterritorial operations branch of Iran’s Islamic Revolutionary Guard Corps (IRGC).

The Iranian government and various allied organisations have warned that they plan to retaliate against the US over Soleimani’s death. 

The DHS warns that “Iran maintains a robust cyber program and can execute cyber-attacks against the United States,” adding that such an attack “may come with little or no warning.”

The killing of another country’s most important military official is tantamount to a formal declaration of hostilities. While the US and Iran had been exchanging blows indirectly and through proxies in Iraq and Yemen, the Trump administration has brought this long-running shadow conflict with Iran out into the open.

For years, US tensions with Iran have held to a kind of brinksmanship. But the drone assassination of Soleimani, widely understood to be the second most powerful figure in Iran, has dangerously escalated tensions. The world now awaits Iran's response, which seems likely to make new use of a tool that the country has already been deploying for years: its brigades of military hackers. When the Iranian response comes, and it will come, though it may not be immediate, there will be intense pressure on the Trump administration to respond in kind. The scenarios experts are floating are dire, including both direct attacks on the US and strikes on its allies.

In the wake of strike, military and cybersecurity analysts caution Iran's response could include, among other possibilities, a wave of disruptive cyberattacks. 

The country has spent years building the capability to execute not only the mass-destruction of computers but potentially more advanced, albeit far less likely, attacks on Western critical infrastructure like power grids and water systems.Iran has ramped up its cyberwar capabilities ever since a joint US-Israeli intelligence operation deployed malware called Stuxnet in the Natanz uranium enrichment facility in 2007, destroying centrifuges and crippling the country's nuclear efforts. 

Iran has since put serious resources into advancing its own hacking, though it deploys them more for espionage and mass disruption than Stuxnet-like surgical strikes.

Expect more network-enabled spying and possibly destructive cyber-attacks in the wake of the killing of one of Iran’s most important military commanders, experts said. “We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment. 
“We also anticipate disruptive and destructive cyberattacks against the private sphere,” said John Hultquist, director of Intelligence Analysis at FireEye, in a recent statement.

Like a lot of smaller state actors, Iran has been growing its cyber capacity over the last several years. Clumsy distributed-denial-of-service attacks and website defacements in 2009 led four years later to the manipulation of search query commands in an attack on the Navy Marine Corps Intranet. In 2013, an Iranian national allegedly breached the control systems of a dam in Rye, New York. Two years after that, Iran actors used Wiper malware to delete files from some 35,000 computers owned by Saudi Aramco, one of the most disruptive attacks to date.  

Iranian cyber actions spiked ahead of the 2015 signing of the multinational deal that limited Iran’s nuclear activities. Targets included US financial organisations and even the a casino in Las Vegas who’s networks were wiped clean, doing $40m in damage.

Iranian cyber activity dropped off somewhat after the signing of the nuclear deal. But in 2017, a threat group that FireEye dubbed APT33 attacked aerospace and petrochemical targets across the United States, Saudi Arabia, and South Korea. 
The group created domain names to send convincing emails pretending to be from Boeing, Northrop Grumman, and various joint ventures. 

The methods, targeted spear-phishing and domain-name squatting, suggest that the intent was industrial espionage, not destruction. And in December 2018, a series of dramatic wiper attacks targeted Italian, Saudi and UAE oil interests in the Middle East, attacks that experts to Iran.

What’s Next
The past year brought various warnings of a new spike in malign network activity. A January 2019 Report  indicated that Iran had been attacking domain name service providers, aiming to set up fake domain names that could facilitate a new wave of spearphishing operations. 

The following month, Crowdstrike’s 2019 Global Threat Report noted that despite “some short-term gaps in attributable incidents this year, Iran based malicious cyber activity appeared to be fairly constant in 2018, particularly involving incidents targeting other countries in the [Middle East and North Africa] region… “Additionally, it is suspected that Iranian adversaries are developing new mobile malware capabilities to target dissidents and minority ethnic groups.”

In June, Christopher Krebs, the director of the US Cybersecurity and Infrastructure Security Agency, or CISA, at the Department of Homeland Security, said “CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies..... We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.”

DefenseOne:      Wired:        Vox:      Oodaloop:       ZDNet:     Image: akkasemosalman.ir

You Might Also Read: 

Reshaping The Future Of War With Malware:

New US Cyber Attacks On Iran:

 

« Top 20 Cyber Security Companies At The Start Of 2020
Warning: Smart TVs Are The IoT Gateway Into Your Home »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cydome Security

Cydome Security

Cydome offer solutions to protect your sensitive data even when it leaves the organization perimeter.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

oneKIY

oneKIY

KIY is an advanced user-control security key which you will use for authentication, secure data and files.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Lost and Found Jobs

Lost and Found Jobs

Lost and Found Jobs, where employers go to find top cyber talent, and top cyber professionals go to connect with amazing opportunities.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.