Experts urge vigilance for cyber systems amid escalation with Iran
On the night that the airstrike that killed Iran's top military leader in Baghdad, the Department of Homeland Security's Cyber arm, Cybersecurity and Infrastructure Security Agency (CISA) was already re-upping its guidance from the summer on the threat Iran poses to not only cities and towns, but also banks and other financial institutions.
They warned that it's important to sure up basic defenses during times when a cyber strike could be imminent.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing,” the statement says. “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
Wiping, according to Kiersten Todt, a former Obama administration cyber official and the managing director of the Cyber Readiness Institute, is when a company gets its computers completely wiped out with no trace of any data.
“What they do in these wiping attacks is they destroy the computers. So it's complete data destruction, network destruction. So there's nothing left now, obviously, nothing subtle about it. There is no forensic analysis. It is complete destruction,” Todt said.
Most recently, Todt pointed to when the Las Vegas Sands Corporation had its computers ‘wiped’ by Iranians after its founder, Sheldon Adelson, called for a nuclear attack on Iran.
In 2012, Iranian hackers targeted Saudi Aramco, the world's largest oil producer based in Saudi Arabia.
The attack wiped out nearly 30,000 computers, however, the company said oil production was not affected by the cyberattack.
The Federal Depository Library Program website was reportedly briefly shut down over the weekend, after the site displayed pro-Iranian, anti-U.S. propaganda, a CISA spokesperson confirmed.
“We are aware the website of the Federal Depository Library Program (FDLP), the website aimed at making government publications available to Americans, was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors,” the spokesperson told ABC News. “The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners.”
These warnings from the government show the legitimate threat that the United States has from Iranian cyber actors.
The National Threat Assessment bulletin released on Iran specifically mentions the threat of cyber retaliation from Iran.
“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” the bulletin posted this weekend explains.
“Iran's response will most likely include a cyber response,” Sam Curry, CSO of Cybereason told ABC News. “It would be foolish to think that Iran will simply ratchet up its offensive capabilities against the U.S. and other nations as a result of today's news. In fact, Iran is an intelligent cyber opponent with an army of people testing our systems every minute of every day. It is the ultimate game of cat and mouse. But in this instance, the consequences could be lasting.”
A utility company source told ABC News there were ongoing conversations between government entities and critical infrastructure companies, as well as among critical infrastructure companies, to touch base regarding the heightened security status and the need for vigilance in the wake of the killing.
During any global event, the source said, there is a conversation between critical infrastructure partners to ensure the safety and security of information. Utility companies frequently talk to the DHS, FBI, and other critical infrastructure organizations about ongoing threats.
It is not just the private sector that is taking these threats from Iran seriously – government officials are too.
“Certainly Iran as a nation-state, they have a cyber capability and they've certainly taken lessons from both the Russians and Chinese and North Koreans,” Bryan Paarmann, a former special agent in charge of the counterterrorism division at the FBI's New York Field Office and current Senior Vice President at Brosnan Risk Consultants, told ABC News. “Cyber is now a tool of warfare. I wouldn't put them as capable as the Russians or Chinese, but are they capable of doing targeted attacks against infrastructure? Absolutely.”
In 2016, the Justice Department indicted seven Iranians, which they say were working on behalf of the government for hacking multiple financial institutions, including J.P. Morgan Chase, Wells Fargo and Bank of America, as well as attempting to hack into a dam in upstate New York.
At points during the attack on the banking sector computers were hit with a flood of data, overwhelming their systems, and the Justice Department says hundreds of thousands of customers were cut off from their financial institutions – and their money.
Alarmingly, the Department of Energy commissioned a report produced in 2018, which analyzed the threats of cyber-attacks. It found the hack into the New York state dam might’ve been hacked into because it was the easiest target.
“It is possible that the Iranian attackers selected the small Bowman dam simply because it was ‘low-hanging fruit,’” researchers concluded. “When critical infrastructure control systems are directly exposed to the internet, they become an easy target for any potential attacker to find. In this case, it turned out to be sophisticated threat actors from Iran.”
The Office of the Director Intelligence also made clear in its latest Worldwide Threat Assessment report that Iran’s cyber capabilities are a real threat.
“Iran uses increasingly sophisticated cyber techniques to conduct espionage; it is also attempting to deploy cyber-attack capabilities that would enable attacks against critical infrastructure in the United States and allied countries,” the report says.
The report also says Iranian cyber actors are targeting “US Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations.”
ODNI also warns that Iran is capable of disrupting "large corporate networks for days and weeks —similar to its data deletion attacks against dozens of Saudi governmental and private-sector networks in late 2016 and early 2017."
Todt told ABC News that everyday government employees and the public could prevent a cyber-attack by being vigilant and aware.
“Because of the interconnectedness that has been created as individuals, we actually have the ability to contribute to security. So it is time for individuals to be aware and hyper-vigilant around attacks and how they're vulnerable,” Todt said. “One of the tools that Iran has been using, that there is evidence of, is phishing and social engineering.”