Exactly ten years after Stuxnet, President Trump approved a cyberattack that took down Iranian missile control. Washington Post sources say the exact impact of the Cyber Command operation isn’t clear, but it was described as “crippling”.
As tensions in the Middle East continue to escalate, the Department of Homeland Security’s cyber-security agency is warning companies to take protective action now. Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned in a tweet that the U.S. should expect to see increased cyber-activity from Iranian hackers, particularly in the form of data-wiping malware, credential stuffing attacks, password spraying, and spear-phishing.
Spear-phishing appears to be the current lead method of attack. FireEye and CrowdStrike both reported phishing campaigns linked to a known Iranian hacking group. The group’s arsenal includes the extremely destructive Shamoon disk-wiper, which was recently used against the Saudi Government. Saudi Aramco had 35,000 machines destroyed by Shamoon in 2012.
Iranian hackers may seem like small potatoes against bigger threats like Russia and China, but a threat is still dangerous. “They are going to potentially look for ways to retaliate in the event that there is an attack,” said Adam Meyers, CrowdStrike vice president of intelligence, “and disrupting the global energy market would fall well within the area they see as appropriate.” U.S. targets appear to be U.S. Government and energy-sector entities, including oil and gas, with phishing emails already seen posing as messages from the White House’s Executive Office.
Now is the time to step up security awareness training!