Cyberwar: Covert Cyber Attack Campaign Is Underway

Uploaded on 2019-07-26 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Amid rising tensions with Iran following the country’s downing of a US surveillance drone in June, President Trump ordered and then called off military strikes against targets in Iran. News reports indicated that, in lieu of those strikes, US Cyber Command had taken offensive action against Iranian targets.

The operation was first reported and described as a “retaliatory digital strike against an Iranian spy group.” Shortly afterward, several other outlets picked up the story.

According to reports, the target organisation was a “spy group, which has ties to the Islamic Revolutionary Guard Corps,” and the “online strike targeted an Iranian spy group’s computer software that was used to track the tankers that were targeted in the Gulf of Oman on June 13.” 

Iran threatens Israel 
"Iran has recently threatened the destruction of Israel," Benjamin Netanyahu said on Tuesday (July 9), filmed in front of an F35 fighter jet at the Nevatim Air Force Base near Be'er Sheva...... "But these planes," he warned, "can reach anywhere in the Middle East, including Iran and Syria."

Meanwhile, Israel's cyber capabilities have not been held back. Almost all of the real action is taking place behind the scenes, as the integration of cyber and conventional warfare has developed this year as never before.

This has introduced a new media dynamic, what is being seen is one dimension, one slice, you see what those controlling the narrative want you to see.

Israeli President Netanyahu has responded publicly to the threat made a week earlier by Mojtaba Zolnour, head of Iran's National Security and Foreign Policy Commission, that "if the US attacks Iran, Israel will have only half an hour left to live."
State media rhetoric apart, the real backdrop to this latest exchange is Iran's breach of the 2015 limits on uranium enrichment, the International Atomic Energy Agency (IAEA) verified Iran's "enriching uranium above 3.67% U-235," and Israel's warning that Iran faces (unilateral, if necessary) military action if it continues to break nuclear limits. 

Iran's breach remains well below weapons-grade enrichment, but the direction of travel is sending a message. And that message has been received and so the cyber conflict is now well underway.

Although sometimes this will (deliberately) hit the headlines, as with last month's US retaliatory cyber-attack on Iran's command and control systems, mostly it won't. The message sent with that attack was that "we can reach into your most secure networks when needed," with execution requiring more than clever coding and cyber superiority. 

Behind such an attack is the implication of significant action on the ground, usually entailing the compromise of individuals or physical equipment or the placement of an infected storage device into a live system. Headlines may pause between publicised incidents, activity does not.

Teheran has now responded with the hurried introduction of a command and control unit designed to withstand cyberattacks. Time will tell whether that is effective, but unless there has been a material collaboration with a foreign power, most likely Russia or China. Teheran has made its cyber relationship with Beijing headline news at the same time, with ICT Minister Mohammad Javad Azari Jahromi telling the media that "Iran and China are now standing in a united front to confront US unilateralism and hegemony."

At a June cyber conference in Israel, Netanyahu described the US as Israel's "great and irreplaceable ally," with the two countries "cooperating on cybersecurity like never before." The prime minister openly said that the investments being made are necessitated by "national defense." In the world of offensive cyber, Israel sits at the grown-up's table, with its Unit 8200 having achieved legendary status and a cyber startup landscape near Be'er Sheva intended to replicate hotspots is Maryland and Cheltenham.

While offensive actions on foreign powers will remain, usually, under wraps, Israel has decided that as a proxy it can promote its cyber expertise in combatting terrorist activity in Israel as well as in "dozens of countries" around the world.

It's a message to the world. This is an international effort, with a common focus and a common enemy, and it has an extensive reach. In his cyber presentation, Netanyahu referenced the foiling of an attack on an A380, bound for Abu Dhabi from Sydney, and said that "if you multiply that fifty-times, it will give you an idea of the contribution Israel has made to prevent major terrorist activities, mainly by ISIS, in dozens of countries, and most were foiled by our cyber activities." Netanyahu was not addressing his audience he was addressing the media beyond the walls of the auditorium.

A documentary recently broadcast in Israel  continued the theme. It again referenced the fifty-plus ISIS attacks that have been foiled by intelligence and cyber, even including a dozen such attacks in Turkey, despite the suspension of diplomatic ties between the countries under President Erdogan's stance over the issue of Palestine. 

There are parallels here with the level of collaboration taking place behind the scenes in the Middle East between Israel and surrounding Arab states, where the theory of "my enemy's enemy" has forged some fast collaborations (if not alliances, quite yet), most notably with Saudi Arabia.

Make no mistake, as the world sits and watches and waits to see what happens next in the Middle East, the cyber sphere in its more usual non-public guise is running at full speed. Networks are being probed, weaknesses and vulnerabilities are being tested and exploited, offensive actions are being planned.

Meanwhile, Iran is more than happy to focus its cyber efforts on soft industrial and civilian targets rather than hardened military ones, seen by Teheran as the soft underbelly it can attack on a low-effort, high-impact basis. In June, the Cybersecurity and Infrastructure Security Agency (CISA) within US Dept of Homelanf Security issued a warning about a "recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies."

This year has seen the integration of conventional and cyber warfare as never before. That hybrid, mix and match approach has significantly increased the operational flexibility on both sides, but it has also increased the risks. 

With Russia and China actively sitting on the sidelines, both carrying a cyber threat far beyond Iran's wildest dreams, those risks can escalate as quickly as conventional ones, albeit much less visibly.

Forbes:           TimesofIsrael:           Lawfare:     

You Might Also Read:

The Destabilizing Danger Of Cyberattacks On Missile Systems:

US Cyber Strike On Iran Is A Step Change:

 

 

« Business Is Starting To Believe That AI Is The Best Defence
Lancaster University Hit By Data Thieves »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Spera Security

Spera Security

Spera helps identity security professionals effectively and confidently measure, prioritize and reduce identity risk to better protect the organization from identity-based attacks.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.

Noma Security

Noma Security

Noma Security's mission is Application Security for the Entire Data & AI Lifecycle.