The US is worried about Iran retaliating with a cyberattack

Iranians tear up a US flag during a demonstration in Tehran on January 3, 2020. | Atta Kenare/AFP via Getty Images

Iran’s formidable cyber arsenal includes malware and DoS attacks.

Iran’s promise to avenge the US military’s recent killing of Iran’s top military commander, Qassem Soleimani, has stoked fears about what this retaliation will look like. Many worry that it will lead to all-out war, but although the US is adding 3,500 troops to the tens of thousands already stationed in the Middle East, there haven’t been any large-scale military fights on the ground.

On our computers, however, it might be a different story. One of Iran’s most likely responses to the US’s actions may be a cyberattack on private businesses or even government systems — which is why many experts in the US are bracing for an assault from a country that has established itself as one of the world’s major cyber threats in the last decade.

If Iran does launch a digital strike, this wouldn’t be anything new. In fact, it would be just another battle in an ongoing “invisible war” between the US and Iran that has been happening for years.

Iran’s cyberattacks are already so “extremely active and persistent” that cybersecurity expert Brian Krebs told Recode, “It’s difficult to think of what might constitute an escalation of that activity.”

The Department of Homeland Security also recognizes the potential cyberthreat. Two days after Soleimani’s death, DHS’s National Terrorism Advisory System issued a bulletin that mentioned Iran’s past “cyber enabled attacks” from its “robust cyber program.”

“Iran is capable, at minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” the bulletin said.

Michael Daniel, president and CEO of Cyber Threat Alliance and the cybersecurity coordinator on the National Security Council during the Obama administration, told Recode that while it’s too early to say what Iran’s cyberattack plans could be, the United States should be prepared for the possibility.

“They’ve used [cyber attacks] before, and they have continued developing their cyber capabilities over the last few years,” Daniel said. “Based on past experience with Iran, it would be a logical course of action for them to take.”

How Iran became a cyber threat

If Iran’s past actions are any indication, a new cyberattack against the US could employ malware (programs that are designed to damage computer systems, such as computer viruses) or denial of service (DoS) attacks (when hackers bombard web services with so many requests that they are unable to function).

Ironically, it was a cyberattack linked to the US almost 10 years ago that led to Iran ramping up its cyberwarfare abilities. In June 2010, a computer virus called Stuxnet, which has been called “unprecedentedly masterful and malicious,” was discovered to have targeted computers that ran Iran’s nuclear program, reportedly destroying a fifth of its centrifuges.

While Stuxnet is largely believed to have been a joint US-Israel effort (with, it was recently reported, some help from the Dutch), neither government has officially acknowledged this. Iran responded by bulking up its cyberespionage capabilities, refining and improving its skills over the last decade, and attacking both America and its allies.

In America, Iran’s cyberattacks have largely targeted the private sector. In 2014, it hacked into Sands Hotel and Casino’s systems, stealing and destroying data and ultimately costing the casino at least $40 million. And between 2011 and 2013, seven Iranians allegedly working on the Iranian government’s behalf were accused of launching DoS attacks on 46 businesses, most of them financial institutions, according to a 2016 US Department of Justice indictment.

Iran’s most notorious cyberattack was against Saudi Arabia’s state-owned oil company, Saudi Aramco. In 2012, a virus called Shamoon destroyed more than 30,000 of Saudi Aramco’s computers. (Shamoon was a type of “wiper,” a particularly harmful malware that irreversibly wipes data from the devices and networks it infects.)

Saudi Aramco was forced to go offline for months until it could rebuild its IT infrastructure, ultimately costing one of the most valuable companies in the world hundreds of millions of dollars. Modified versions of Shamoon surfaced in 2016 and 2018, which suggests Iran might use this tool to retaliate against the US if it does launch a cyberattack, experts told Recode.

“I would expect destructive attacks like the Shamoon attack against Saudi Aramco,” Chris Wysopal, co-founder and chief technology officer of cybersecurity software company Veracode, told Recode. He added that local governments and hospitals are potential “soft targets” for such attacks.

Both often lack the funds or personnel to defend themselves against sophisticated hackers, so they are routinely hit by ransomware, which encrypts all data on infected computers and systems and forces victims to pay a ransom to restore their access. The attacks can take down essential and even life-saving services for weeks, and they cost millions of dollars to fix.

Is America prepared?

Cybersecurity expert Bruce Schneier’s answer was brief and to the point: “No.”

Security experts have warned for years now that Iran would ramp up its cyberattacks on America in frequency and severity, especially since the election of President Trump, an exceedingly vocal opponent of the regime who pulled the US out of its nuclear deal with Iran.

Last October, Microsoft reported that an Iran-linked hacker group attempted to access email accounts associated with political journalists and an unnamed presidential campaign. That same month, Facebook revealed that Iranian groups created fake accounts to disseminate propaganda — something Iran has done several times in the past.

“Given this latest development, American businesses must bolster their cyber defenses against spear-phishing, DDoS, ransomware and, most commonly used on Iranian neighbors, wiper attacks,” Bill Conner, CEO of SonicWall, told Recode.

“These types of attacks — used maliciously and designed to sniff out human and/or network weaknesses — could ultimately bypass a country’s most-relied-upon defenses and security controls in what would be a historical asymmetric cyberattack,” Conner added.

America has launched several cyberattacks of its own on Iran, reportedly as recently as last June, September, and December. Defensively, government officials and agencies have warned Americans to take security precautions. Last June, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned that there was a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.”

This week, after Soleimani’s killing, CISA director Chris Krebs linked back to the statement:

The DHS’s acting secretary, Chad Wolf, also tweeted that organizations should be prepared for cyber threats:

Worryingly, the Trump administration eliminated the National Security Council’s cybersecurity coordinator position in 2018. The Obama administration-created post was responsible for coordinating cybersecurity efforts across government agencies.

And the State Department’s Coordinator for Cyber Issues position has been empty since 2017. The US Government Accountability Office currently recommends that the government take “urgent action” against cyberthreats, considering it a “high risk issue.”

What’s next

So far, the only known possible Iranian attack on the US was a brief hack last Saturday of the website of the Federal Depository Library Program, a little-known agency that distributes government publications to libraries across the country. The site’s homepage was replaced with an image of President Trump being punched in the face, alongside a message blaming the hack on Soleimani’s death and promising more.

The attack is not believed to have caused any damage beyond the brief defacement, and CISA told CBS News that it could not even confirm that Iran was behind the attack. An unnamed official called it a “nothing event.”

Still, many cybersecurity experts are concerned that if America’s public and private sectors don’t prepare for Iran’s most likely response, it may not be a “nothing event.” Lisa Monaco, President Obama’s homeland security and counterterrorism adviser, recently wrote in the Washington Post that “the most immediate threat” from Iran was a cyberattack on financial institutions and infrastructure.

The biggest question now, she wrote, is if Americans are prepared for whatever form Iran’s retaliation will take.

Author: Sara Morrison
