US warns of Iran cyber retaliation amid Soleimani fallout

Iranian activity will likely cause temporary disruption to national critical infrastructure at a minimum, claims DHS

Businesses have been urged to prepare for a wave of Iranian cyber attacks in the coming weeks as tensions escalate with the US following the assassination of Iran’s top military commander.

The US Department of Homeland Security (DHS) has warned that Iran, at a minimum, is capable of executing cyber attacks with “temporary disruptive effects” against national critical infrastructure.

The bulletin has suggested ‘cyber terrorism’ activity may come in the form of disruption, suspicious emails or phishing, or network delays. 

In light of the threat, businesses should implement basic cyber hygiene practices such as securing data backups and employing additional layers of security like multifactor authentication (MFA).

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The guidance has been issued in light of the killing of Major General Qasem Soleimani, Iran’s senior leader in the Islamic Revolutionary Guard Corps, who was targeted by a US drone strike on 2 January. 

His death has led Iran to vow retaliation, with experts suggesting this would manifest as activity through a network of cyber criminal conduits, as opposed to military action or physical violence.

“Iran has readily embraced the use of online information operations to support its geopolitical objectives over the past few years,” said senior manager, information operations analysis with FireEye Intelligence, Lee Foster. “These tactics have included the creation of large networks of inauthentic “news” sites designed to amplify pro-Iran propaganda globally and discredit rivals, including the US.”

Such activity includes impersonating prominent politicians and celebrities, as well as inventing journalistic personas to spread propaganda. FireEye already saw disinformation efforts by these networks immediately following the strike on Soleimani, with activity only expected to increase.

Cyber criminals linked with the Iranian state have already started to target US public sector organisations. 

The Federal Depository Library Program (FDLP), for instance, was breached over the weekend, with hackers claiming to be from Iran defacing the organisation's website with an image of Trump being punched in the face. This image was posted alongside pro-Iranian messages, according to Business Insider.

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

“The threat of cyber warfare is sometimes more powerful than the actual destruction, meaning state actors and cyber criminals will always have the upper hand as we never really know what is possible,” said cyber security specialist with ESET, Jake Moore.

“All we have to go on in the cyber security industry is what has previously occurred. The threat of the unknown can be so great that it impacts on aspects such as share prices without anything even occurring.” 

“Cyber political tensions are always hotly monitored and for good reason as a threat to the power grid or waterworks would be catastrophic. But the more likely attacks point more heavily towards a mass encryption of data, such as a ransomware attack, which can equally bring everything to a standstill.”

Cyber criminal groups linked with Iran have posed a significant threat to businesses and public sector organisations over the last few years on a similar scale to the threat posed by Russian and North Korean hackers.

Advertisement
Advertisement - Article continues below

The UK Parliament, for example, was reported to have been targeted by Iranian cyber criminals in 2017, based on intelligence assessments. Approximately 90 email accounts, including 30 used by MPs, were compromised in June that year, with reports pinning the blame onto the Revolutionary Guard.

Prominent groups operating out of Iran also include Holmium and Mercury, with Microsoft in July 2019 identifying the duo as two of the five most active state-linked cyber gangs targeting its customers.

Advertisement - Article continues below

Those among the most frequently targeted customers include organisations connected with the essential functions of democracy, such as think tanks and NGOs. 

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020