Iran’s most likely threat to the US after Soleimani’s killing is a cyber attack, Recode


Iran’s promise to avenge the US military’s recent killing of Iran’s top military commander, Qassem Soleimani, has stoked fears about what this retaliation will look like. Many are worried that it will lead to all-out war – and shortly after publication of this story, the New York Times reported that Iran fired missiles at a US military base in Iraq.

But in the days leading up to the missile attack, many experts in the US had begun bracing for a different kind of attack from Iran, one they said was even more likely than an on-the-ground fight: a cyberattack on private businesses or government systems in the US. And even after the missile attack, that doesn’t rule out the possibility of a cyberattack as well.

Over the last decade, Iran has established itself as one of the world’s major cyber threats, which is why any new attack would be just another battle in an ongoing “invisible war” between the US and Iran that has been happening for years.

Iranian cyberattacks are already so “extremely active and persistent” that cybersecurity expert Brian Krebs told Recode, “It’s difficult to think of what might constitute an escalation of that activity.”

The Department of Homeland Security also recognizes the potential cyberthreat. Two days after Soleimani’s death, DHS’s National Terrorism Advisory System issued a bulletin that mentioned past “cyber enabled attacks” from Iran’s “robust cyber program.”

“Iran is capable, at minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” the bulletin said.

Michael Daniel, president and CEO of Cyber Threat Alliance and the cybersecurity coordinator on the National Security Council during the Obama administration, told Recode that while it’s too early to say what Iranian cyberattack plans could be, the United States should be prepared for the possibility.

“They’ve used [cyber attacks] before, and they have continued developing their cyber capabilities over the last few years,” Daniel said. “Based on past experience with Iran, it would be a logical course of action for them to take.”

How Iran became a cyber threat

If Iran’s past actions are any indication, a new cyberattack against the US could employ malware (programs that are designed to damage computer systems, such as computer viruses) or denial of service (DoS) attacks (when hackers bombard web services with so many requests that they are unable to function).

Ironically, it was a cyberattack linked to the US almost years ago that led to Iran ramping up its cyberwarfare abilities. In June, a computer virus called Stuxnet, which has been called “unprecedentedly masterful and malicious,” was discovered to have targeted computers that ran Iran’s nuclear program, reportedly destroying a fifth of its centrifuges.

While Stuxnet is largely believed to have been a joint US-Israel effort (with, it was recently reported, some help from the Dutch), neither government has officially acknowledged this. Iran responded by bulking up its cyberespionage capabilities, refining and improving its skills over the last decade, and attacking both America and its allies.

In America, Iran’s cyberattacks have largely targeted the private sector. It hacked into Sands Hotel and Casino’s systems, stealing and destroying data and ultimately costing the casino at least $78 million. And between and 2013, seven Iranians allegedly working on behalf of the Iranian government were accused of launching DoS attacks on 90 businesses, most of them financial institutions, according to a US Department of Justice indictment.

Iran’s most notorious cyberattack was against Saudi Arabia’s state-owned oil company, Saudi Aramco. In 2012, a virus called Shamoon destroyed more than 32, of Saudi Aramco’s computers. (Shamoon was a type of “wiper,” a particularly harmful malware that irreversibly wipes data from the devices and networks it infects.)

Saudi Aramco was forced to go offline for months until it could rebuild its IT infrastructure, ultimately costing one of the most valuable companies in the world hundreds of millions of dollars. Modified versions of Shamoon have surfaced since, which suggests Iran might use this tool to retaliate against the US if it does launch a cyberattack, experts told Recode.

“I would expect destructive attacks like the Shamoon attack against Saudi Aramco,” Chris Wysopal, co-founder and chief technology officer of cybersecurity software company Veracode, told Recode. He added that local governments and hospitals are potential “soft targets” for such attacks. Both often don’t have the funds or personnel to protect against sophisticated hackers, so they are routinely attacked by ransomware, which encrypts all data on infected computers and systems, forcing victims to pay a ransom to restore their access. The attacks can take down essential and even life-saving services for weeks, and they cost millions of dollars to fix.

Is America prepared?

Cybersecurity expert Bruce Schneier’s answer was brief and to the point: “No.” Security experts have warned for years now that Iran would ramp up its cyberattacks on America in frequency and severity, especially since the election of President Trump, an exceedingly vocal opponent of the regime who pulled the US out of its nuclear deal with Iran.

Last October, Microsoft reported that an Iran-linked hacker group attempted to access email accounts associated with political journalists and an unnamed presidential campaign. That same month, Facebook revealed that Iranian groups created fake accounts to disseminate propaganda – something Iran has done several times in the past.

“Given this latest development, American businesses must bolster their cyber defenses against spear-phishing, DDoS, ransomware and, most commonly used on Iranian neighbors, wiper attacks,” Bill Conner, CEO of SonicWall, told Recode. “These types of attacks – used maliciously and designed to sniff out human and/or network weaknesses – could ultimately bypass a country’s most-relied-upon defenses and security controls in what would be a historical asymmetric cyberattack,” Conner added.

America has launched several cyberattacks of its own on Iran, reportedly as recently as last June, September, and December. Defensively, government officials and agencies have warned Americans to take security precautions. Last June, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned that there was a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” This week, after Soleimani’s killing, CISA director Chris Krebs linked back to the statement:

Given recent developments, re-upping our statement from the summer.

Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses!

https://t.co/4G1P0WvjhS

– Chris Krebs (@CISAKrebs) January 3

The DHS’s acting secretary, Chad Wolf, also tweeted that organizations should be prepared for cyber threats:

A good reminder from @CISAGov: In times of heightened threats, organizations should increase monitoring, back up systems, implement multifactor authentication, & have an incident response plan ready. More info on threats & prevention / preparedness tips at https://t.co/QrJdBOeEJz

– Acting Secretary Chad Wolf (@DHS_Wolf) January 5

Worryingly, the Trump administration eliminated the National Security Council’s cybersecurity coordinator position. The Obama administration-created post was responsible for coordinating cybersecurity efforts across government agencies.

And the State Department’s Coordinator for Cyber Issues position has been empty. The US Government Accountability Office currently recommends that the government take “urgent action” against cyberthreats, considering it a “high risk issue.”

What’s next

So far, the only known possible Iranian cyberattack on the US was a brief hack last Saturday of the website of the Federal Depository Library Program, a little-known agency that distributes government publications to libraries across the country. The site’s homepage was replaced with an image of President Trump being punched in the face, alongside a message blaming the hack on Soleimani’s death and promising more.

The attack is not believed to have caused any damage beyond the brief defacement, and CISA told CBS News that it could not even confirm that Iran was behind the attack. An unnamed official called it a “nothing event.”

Still, many cybersecurity experts are concerned that if America’s public and private sectors don’t prepare, Iran’s next cyberattack may not be a “nothing event.” Lisa Monaco, President Obama’s homeland security and counterterrorism adviser, recently wrote in the Washington Post that “the most immediate threat” from Iran was a cyberattack on financial institutions and infrastructure. The biggest question now, she wrote, is if Americans are prepared for it.
