Rising tensions between the United States and Iran could inspire Iran to launch cyber attacks against U.S. infrastructure. Following the January 2, 2020 U.S. strike in Iraq that killed Iranian IRGC-Quds Force commander Qassem Soleimani, the U.S. Department of Homeland Security recently sent out a National Terrorism Advisory Bulletin stating the following:
- Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the United States.
- At this time we have no information indicating a specific, credible threat to the Homeland.
- Iran and its partners, such as Hizballah, have demonstrated the intent and capability to conduct operations in the United States.
- Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S. based targets.
- Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.
- Homegrown Violent Extremists could capitalize on the heightened tensions to launch individual attacks.
- An attack in the homeland may come with little or no warning.
- The Department of Homeland Security is working closely with our federal, state, local, and private sector partners to detect and defend against threats to the Homeland, and will enhance security measures as necessary.
History shows us that cyber threats from Iran are no joke. Organizations of any size could be targeted. Past successful cyber attacks from Iran against U.S. targets include:
- In 2019, at least 14 cyber attacks were launched from Iran, according to the Center for Strategic and International Studies.
- In October, Iranian hackers had stolen $3.4 billion worth of intellectual property from universities around the world between 2013 and 2017.
- Previously, the Iranian government authorized distributed denial-of-service (DDoS) attacks against U.S. banks after the U.S. imposed or tightened sanctions.
With the potential cyber threat to all U.S. organizations heightened, it is necessary to take extra precautions to safeguard your people. We recommend taking the following steps:
- Sign up for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. https://www.us-cert.gov/ncas/alerts
- Implement basic cyber hygiene practices such as testing data backups and deploying multifactor authentication. https://kybersecure.com/2018/08/01/two-factor-authentication-what-is-it-and-why-do-i-care/
- Become familiar with the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base. https://kybersecure.com/nist-csf-webinar/
- Explore cybersecurity awareness training practices for your organization to drive down cyber attack hit rates. https://kybersecure.com/phishing-test/
- Create a strategy to integrate and align technology within your organization to (A) prevent cyber attacks, (B) mitigate cyber attacks and (C) recover data if an attack circumvents your cyber defenses. https://kybersecure.com/network-security-study/