Jan 05 2020

Nation-State Activity – Attack on Iran and What You Should Know

This week, the US carried out an airstrike against an Iranian General, Qasem Soleimani. Iran’s Supreme Leader, Ayatollah Ali Khamenei, warned that “harsh retaliation is waiting” for the US after the airstrike. Khamenei declared three days of public mourning and appointed Soleimani’s deputy to replace him. Iranian President Hassan Rouhani called the killing a “heinous crime” and vowed his country would “take revenge.”

Many pundits are debating what form of retaliation Iran will take. While kinetic actions may be among the options, cyber attacks are a high probability. For most Americans, this could be a very real threat to the homeland.

Iran has demonstrated many times that it has the ability, and the will, to carry out cyber attacks. In 2012, Iranian cyber actors knocked out more than 30,000 computers operated by the Saudi state oil company Aramco. The Aramco operation used data-wiping malware known as “Shamoon” that targeted the administrative computers of the company, preventing it from exporting crude oil.

Here in the US, Iranian hackers caused millions of dollars in lost profits after they attacked American banks with repeated distributed denial-of-service (“DDoS”) attacks from 2011 to 2013. Additionally, Iranian hackers were able to access a dam in upstate New York in 2016. While they weren’t able to access the dam’s controls, Iranian cyber actors have continued to improve their skills in breaching control systems.

In 2018, there were explosions at a petrochemical plant in Saudi Arabia that had Iranian input. The attack was attributed to the Russians, but with Iranian involvement, showing a clear escalation of Iranian sophistication and coordination.

What does this mean for your business? US companies should have a heightened sense of vigilance and proactivity. If you were thinking of making an investment to improve your organization’s cybersecurity posture, don’t put it off. Consider the following:

  • Pull out your Incident Response (“IR”) plan and test it. Make sure your procedures are up to date and that your employees know their roles and responsibilities during an incident.
  • Think about your Information Security Risk Management Program. You likely put some plans and policies in place. Double-check that they’re appropriately covering your business’ operations.
  • Understand your risks and how to mitigate them. For instance, a key defensive measure against ransomware is to have a good backup system for your data. Verify your processes are working as expected.

There’s no need to panic. While we don’t know what will happen next, we can at least be prepared. Please have a conversation with your cybersecurity team soon.
