Are you a potential victim of an Iranian cyber-attack? You may be surprised to discover the answer could very well be, “yes.”
Forty years after the Iranian Revolution, the West has avoided all-out war with Iran – for now… Yet there is also a virtual war raging, a threat deemed menacing enough to prompt declaration of a national emergency in the United States.
Iran has long been active in cyberwarfare. The country has had a “Cyber Defense Command” since 2010. It may be just bluster, but an Iranian Revolutionary Guards general once boasted that Iran was the “4th biggest cyber power among the world’s cyber armies.” Given Iran’s successes, he could be right.
Iran and America have long engaged in what Vanity Fair author Michael Joseph Gross has called “history’s first known cyber-war.” Over a decade ago, the Stuxnet worm was allegedly created by Israel and the US to slow down Iran’s nuclear capabilities by causing uranium-processing centrifuges to run overly fast, thereby destroying them. Iran retaliated by launching a number of attacks against the US and its allies. Cyber-attacks that have been linked to Iranian government hackers include:
- A 2012 attack that destroyed 75% of the data on the main computer network of Saudi Aramco
- 2014 attacks against Israeli infrastructure
- A 2015 attack against Turkey that shut down electric power to over 40 million people
- A 2017 attack against the British Parliament
- Ongoing attacks since 2014 on telecom and travel companies aimed at gathering intelligence
- Ongoing attacks on US banks
- Attacks on Israeli missile systems
- A ‘major cyber assault’ on key UK infrastructure in late 2018
- A February 2019 hack of the Australian Parliament
It’s not only Iranian government hackers that cause concern. Civilian hackers based in Iran are also involved in ransomware attacks. Two Iranians shut down the city of Atlanta’s computer systems in 2018, demanding $51,000 in ransom. US law enforcement says that the two Iranians behind the attack, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, have collected over $6 million in ransom from multiple victims. In addition to Atlanta, the pair targeted hospitals and schools that were selected because they had money and were likely to be vulnerable.
Like many other cyberattacks, Iranian attacks often start with spear-phishing – emails that entice victims to download an infected file or click on a link that installs malware. What makes spear-phishing more effective than generic phishing is that the attackers customize the emails for a specific individual or firm, so they look much less like the “spammy” messages used in traditional phishing.
Attacks originating in Iran also commonly use DNS hijacking, in which the hacker intercepts traffic intended for a legitimate website. The attacker can now begin collecting any information users send to that site – whether for immediate use or as part of a long-term strategy (see our Guide to Advanced Persistent Threats) – as well as using this foothold to install additional malware on the target’s system, enabling them to tunnel farther and deeper into the organization.
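As an added illustration of the defensive side of the DNS hijacking point above (example code, not from the original post): a baseline audit that flags domains whose resolved A, NS or MX records drift from the values the owner expects. The domain names, addresses and both record sets are constructed sample data; a real check would populate the observed set from resolver queries.

```python
"""Baseline check for DNS hijacking: compare the records an organisation
expects for its domains against what resolvers currently return.
Added example, not from the original post; all data below is constructed."""
from typing import Dict, List, Set, Tuple

# Hypothetical baseline: records the domain owner knows are legitimate.
BASELINE: Dict[Tuple[str, str], Set[str]] = {
    ("mail.example.com", "A"): {"203.0.113.10"},
    ("example.com", "NS"): {"ns1.example.net.", "ns2.example.net."},
    ("example.com", "MX"): {"10 mail.example.com."},
}

# Constructed answers, as a resolver might return them during a hijack:
# the mail host's A record now points at an address not in the baseline,
# and an unknown nameserver has been added to the zone's NS set.
OBSERVED: Dict[Tuple[str, str], Set[str]] = {
    ("mail.example.com", "A"): {"198.51.100.77"},
    ("example.com", "NS"): {"ns1.example.net.", "NS2.example.net.",
                            "ns3.unknown-host.example."},
    ("example.com", "MX"): {"10 mail.example.com."},
}


def normalise(values: Set[str]) -> Set[str]:
    # DNS names are case-insensitive and the trailing dot is optional.
    return {v.lower().rstrip(".") for v in values}


def audit_dns(baseline, observed) -> List[dict]:
    """Return one finding per (name, type) whose answers drift from baseline."""
    findings = []
    for key, expected in baseline.items():
        name, rtype = key
        exp = normalise(expected)
        got = normalise(observed.get(key, set()))
        added, missing = got - exp, exp - got
        if not added and not missing:
            continue
        # A changed NS set hands the whole zone to whoever runs the new
        # server, so rank it above a single changed host record.
        severity = "critical" if rtype == "NS" else "high"
        findings.append({"name": name, "type": rtype, "severity": severity,
                         "unexpected": sorted(added), "missing": sorted(missing)})
    return findings


if __name__ == "__main__":
    for f in audit_dns(BASELINE, OBSERVED):
        print(f"[{f['severity']}] {f['name']} {f['type']}: "
              f"unexpected={f['unexpected']} missing={f['missing']}")
```

Run on a schedule against the organisation's own zone, this kind of drift check is what turns a silent redirect into an alert.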
You can protect yourself against the impact of such attacks using many of the same cybersecurity practices that defend against everyday cyberthreats, including good general data security hygiene, network monitoring tools and a multi-layered, zero-trust endpoint security strategy – as well as by extending the Zero Trust concept to include Zero Trust for the Web, using Remote Browser Isolation.
Recognizing that your organization could be a target is an important step. As the city of Atlanta discovered, you don’t have to be a federal government agency, a military installation, or a bank to be targeted by Iranian cyber-attacks. As the saying goes, ‘forewarned is forearmed’.