There are a few more details coming out about last week’s cyber targeting of an Iranian-backed group by the U.S. military. Sources told CNN that the goal was to “disable and degrade” an Iranian-backed group that operates forces in Iraq and Syria by disabling their communications systems.
The latest details shed light on the cyber battlespace and how it’s being exercised at a higher than usual degree as the rhetoric between the U.S. and Iran continues to escalate. U.S. officials are warning businesses to increase their vigilance against intrusion and attacks by Iranian-backed threat actors.
The U.S. company Recorded Future released a report on Wednesday laying out some of the trend lines they’ve detected from Iranian-backed hacking groups over the past several years.
Not surprisingly, the company says some of the most recent targeted industries include; Engineering and Construction, Water and Electricity, Technology, Retail, Finance, Media, Healthcare and Defense.
The Cipher Brief asked Levi Gundert, VP of Intelligence Risk at Recorded Future, to provide some insight into what he’s seeing.
Iran is a unique adversary in the cyber domain, it’s different from other countries with offensive cyber capabilities - China, Russian, North Korea - because Iran is a theocracy.
The Iranian government employs a network of contractors to accomplish offensive cyber objectives, but they divide the tasking because of a general lack of trust. Trust is primarily cemented via adherence to the Ayatollah’s precepts, but according to our sources, most of the Iranian contractors are only interested in monetizing Iranian government offensive campaigns.
Since the Iranian government doesn’t directly employ offensive teams, there is a lack of trust, but the trade-off is an ability to obfuscate true purposes and motives from the individuals carrying out the mission(s).
All businesses need ongoing awareness of geo-political events and the implications of nation-initiated cyber actions as a larger piece of national policy. The escalating tension between the U.S. and Iran is particularly relevant for companies in particular industries because Iran has historically demonstrated a willingness to retaliate in the cyber domain (e.g. Operation Ababil, Sands Corp., Shamoon 2, etc.) for perceived aggressions.
Businesses need to be vigilant about threat actor’s preferred methods of accomplishing initial unauthorized access, including phishing, web shell placement, and third-party compromises. They should also be actively hunting in their internal networks for previously undetected signs of compromise. Finally, disaster recovery preparedness is important in the event of a destructive attack on information systems.
Enterprises have long been aware that they are playing defense against the resources of nations. The recent announcement that U.S. Cyber Command initiated actions against an “Iranian group” only increases the awareness that the global private sector may potentially be in the cross hairs of actions between nations.
Read also How Iran Targets U.S. Businesses in The Cipher Brief.
LAUNCHING IN JULY: The Cyber Initiatives Group, powered by The Cipher Brief. The CIG is a public-private sector group of cyber professionals who share observations, high-level thought and expert perspective on cyber issues impacting all of today’s businesses.
With a team of principals including Former CIA and NSA Director, General Mike Hayden (Ret.), former NSA Director, General Keith Alexander (Ret.), former Deputy NSA Director Rick Ledgett, former NCTC Director Matt Olsen, former Vice Chairman of the Joint Chiefs of Staff, Adm. Sandy Winnefeld and former DHS Deputy Undersecretary for Cybersecurity, Mark Weatherford, the new Cyber Initiatives Group will focus on connecting experts in ways that share best practices on cybersecurity.
If you’re interested in becoming an inaugural member or sponsor of this thought leadership group, please send an email to CIG@thecipherbrief.com and we will send you an invitation to join the conversation.
‘I’m excited to facilitate this critical cyber conversation and to be working with leaders from across the private sector as they tackle the very difficult cyber issues that impact every company doing business today.’ – Michael V. Hayden
