Iran's Cutting Edge Cyberwar Capabilities

Uploaded on 2020-03-16 in INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

2020 has begun with political tension between the US and Iran. This has the real possibility that Iran will respond to this tension with a series of cyber strikes against both governments and business. Iran has already developed some very destructive malware and now has the capacity to hack and destroy the integrity of data and systems.

Security experts and federal officials warn that Iran could target the military another way, through potentially vulnerable defense contractors. It now has the skills and technical acumen to conduct attacks against its enemies  across numerous sectors, including energy, financial services, and critical national infrastructure.

An Israeli cybersecurity firm has identified a new type of ransomware that it believes was created by Iran and has the ability to lock up or even delete industrial control systems. Tel Aviv-based Otorio, a cybersecurity firm which specialises in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. It also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Iranian intelligence services and other organisations they are backing are monitoring hotels, the travel industry and phone calls to carry out surveillance on individuals through the data they collect. This has the potential aim to possibly cause physical harm to these individuals, a cybersecurity expert warned a gathering of officials and entrepreneurs in Tel Aviv recently.

Organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

Geopolitics in Cyberspace

Even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace. It has ushered in an era of destructive attacks that could, for example, be used to influence the 2020 US elections. Geopolitical tensions have the serious potential to explode in cyberspace and domestic terrorism will manifest here as well. We are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.

Malware Continues to be a Major Threat

Outside of geopolitical conflict and terrorism, research has found that malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019.

UK Threat Report was published in October 2019 which said that one in five businesses (21%) reported seeing custom malware attacks most frequently and 10% cited commodity malware. It means that 31% of businesses reported malware to be the most witnessed attack type.

This research aims to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks along with the financial and reputational impact any breaches have had on organisations.

In terms of the prime cause of successful breaches, humans are proving to be the weakest link in the cyber defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33%) of respondents affected. Ransomware took second place with 20% of businesses citing this as the primary cause.

The Rise of Cloud-Jacking and Island Hopping

Cloud-jacking and subsequent island hopping will become a more common practice in 2020. Attackers are looking to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well, as new-fangled techniques for hypervisor escapes.

We will also see an increase in mobile root kits. These allow hackers to gain full control over a victim’s device.  
Rootkits give hackers control over other people’s mobile devices allowing them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device. This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.

Access mining as a service will also grow. Cyber criminals are already seeing the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.

And, virtual home invasions of well-known public figures, celebrities, CEOs and politicians will occur. Significant personalities, whether they be film stars, corporate executives, or politicians, will be hacked through the technology they’ve deployed in their homes, specifically through things like nest and others.

Businesses are Adapting to sustained Cyberattacks

The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks. Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber risks.

The report found that companies are tightening up on factors that they can control such as process weaknesses. While 84% reported being breached in the past 12 months and 90% saw an increase in attack sophistication, 76% of companies said they are more confident that they can repel cyberattacks today than they were a year ago.

For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected. To this point 90% of the companies that we surveyed said threat hunting had strengthened their defences.

Likewise, there is a sustained level of investment with 93% planning to increase their spending on cybersecurity. This demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.

2020 is the Age of Cyber Warfare

Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie. This situation heightens awareness for all businesses who must be extra vigilant against such threats.

Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems.

They should be asking them: “Do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?”

Because this is not a question of if but when.

The age of cyber warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.

Former US officials and security experts have expressed concern that Iran may be considering a cyber-attack against the US or its allies after an American airstrike in Baghdad killed Qassem Soleimani, the Iranian major general who led the Islamic Revolutionary Guard’s Quds force.
 
Iran holds an arsenal of malware, and Otorio said Snake was likely created before the general’s assassination.

Business Needs to be Aware

Iranian hackers are already using fake links within LinkedIn to get people to download malware and often employees don’t recognise that using social networks could potentially be a danger to their company, they get complacent.

If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it. There is a good chance that they can click from a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organisation.

Enterprise Times:      WorldOil:         Times Of Israel:     Radio Farda:      InformationSecurityBuzz

You Might Also Read:

Where Is Iran's Cyber Response To It's General's Assassination?:

 

 

 

 

« UK Government: Mobile Devices Lost & Stolen
Business Has Increased Cyber Security But Lacks Cyber Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

NGS (UK)

NGS (UK)

NGS (UK) Ltd are independent, vendor agnostic, next generation security trusted advisors, providing all-encompassing solutions from the perimeter to the endpoint.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.