Story image

Cyberattacks imminent for Western businesses due to Trump’s actions

10 May 18

There are to be some serious cybercrime implications following on from Trump’s scandalous announcement that the US would not renew the waivers on sanctions against Iran.

That’s according to a report from Recorded Future that was published today that analysed the Iran cyberthreat.

Recorded Future director of strategic threat development Priscilla Moriuchi says President Trump’s actions have placed American businesses at increased risk for retaliatory and destructive cyberattacks by the Islamic Republic.

“We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyber attacks by Iranian state-sponsored actors,” says Moriuchi.

“Further, our research indicates that because of the need for a quick response, the Islamic Republic may utilise contractors that are less politically and ideologically reliable (and trusted) and as a result, could be more difficult to control. It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed."

The report states that since at least 2009 the Islamic Republic has regularly responded to sanctions or perceived provocations by conducting offensive cyber campaigns.

According to Recorded Future, the Islamic Republic has traditionally preferred to use proxies or front organisations both in physical conflict and cyberattacks to achieve their policy goals.

Iran faces the prospect of negative economic impact as instead of renewing the waivers on sanctions against the nation, the US will impose additional economic penalties, the combinations of which amounts to a de facto US withdrawal from the 2015 Joint Comprehensive Plan of Action (JCPOA) that is commonly referred to as the ‘Iran nuclear deal’.

“We assess, based on Iran’s previous reactions to economic pressure, that with President Trump’s exit from the JCPOA, Iran is likely to respond by launching cyberattacks on Western businesses within months, if not faster,” the report states.

“Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyberattacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy.”

Some of the key judgements from the report include:

  • Due to needing to act quickly, Iranian cyber response will be staffed and executed by capable, but less trusted contractors, resulting in the Islamic Republic possibly having difficulty controlling the scope and scale of the destructive cyberattacks once they have begun. 

  • The Islamic Republic operates with embedded paranoia, where ultimately, no one can be trusted.
  • Iranian cyber operations are administered via a tiered approach, where an ideologically and politically trusted group of middle managers translate intelligence priorities into segmented cyber tasks which are then bid out to multiple contractors.
  • Based on Recorded Future’s source’s conversations with other hackers in Iran, there are over 50 estimated contractors vying for Iranian government-sponsored offensive cyber projects.
  • According to Insikt Group’s source, to find and retain the best offensive cyber talent, Iranian government contractors are forced to mine closed-trust communities.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.