U.S. Businesses Brace for Impact from Iranian Cyberattacks

The world breathed a collective sigh of relief when the U.S. and Iran stepped back from the brink of war this week. But the threat didn’t subside; it merely changed the focus from expensive war machines to digital mayhem. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm on upcoming cyberthreats from Iran, aimed at wreaking real-world harm in the U.S. Now, American businesses are bracing for impact.

“With the escalation of tensions in the Middle East, many are asking how far-reaching the impacts could be for the U.S. private sector. While the impacts to the petroleum industry, defense contractors and service members supporting U.S. FOBs, and travel providers are very direct, we cannot forget about the real potential for state-sponsored cyberattacks on both international and domestic U.S. interests,” warned Warren Poschman, senior solutions architect at comforte AG.

Iran has a history of targeting non-military U.S. interests. CISA lists the following as among the list of previous attacks:

• DDoS targeting the U.S. financial sector — primarily targeting the public-facing websites of U.S. banks wherein customers were blocked from their accounts and banks paid millions to remediate.
• Attack on a New York State dam — tapping into the supervisory control and data acquisition (SCADA) systems of the Bowman Dam to access information on the status and operation of the dam.
• Sands Las Vegas Corp. breach — wherein customer data – including credit card data, Social Security Numbers, and driver’s license numbers – was stolen.
• Massive cybertheft campaign — comprised of dozens of separate incidents, including “many on behalf of the IRGC.” CISA reported that according to the indictment, the campaign targeted “144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private-sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.”

KnowBe4’s Rosa Smothers

“We know APTs 33 and 34 are associated with Iranian state sponsored hackers. Every company in the SCADA and ICS space should already be proactive in safeguarding against these (and other) APTs; if we’re doing our jobs right, then admins aren’t in a state of emergency right now over the potential of Iranian implants lying dormant on our networks,” said Rosa Smothers, senior VP of cyber operation at KnowBe4 and a highly decorated former CIA Technical Intelligence Officer.

Even with such a diversified history of attacks, it’s relatively clear which organizations are most likely to be targeted now in the midst of current U.S.-Iran tensions.

“Some organizations face a greater threat than others. Financial services, energy, oil and gas, health care, infrastructure, and any business that contracts with the federal government is a more likely target,” said Paul Bischoff, privacy advocate with Comparitech.

Specific types of attacks are expected as well.

Comparitech’s Paul Bischoff

“Businesses will have to prepare for several types of threats such as malware, network disruptions (DDoS attacks), data theft and phishing. Because Iran is a nation-state actor, it has a broad range of tactics at its disposal as well as the resources to conduct large-scale cyberattacks,” said Bischoff.

MSSPs should also expect attacks from Iran to continue for the foreseeable future and beyond.

“Given that Iran already has a history of launching cyberattacks, it seems almost inevitable in today’s climate that we’ll see new threats. Cyberattacks are an extremely cost-effective form of asymmetrical warfare, with even small attacks getting lots of publicity and causing general anxiety and fear,” said Ray DeMeo, co-founder and COO at Virsec.

Businesses need to be extra diligent in their security practices to thwart such a continued onslaught of varied attacks. Here are suggestions from experts on …