How Iran Targets U.S. Businesses

| The Cipher Brief
Iran, Tehran national official state flag in a computer technological world

U.S. businesses are being warned to harden their defenses in anticipation of potential cyberattacks as tensions between the U.S. and Iran continue to escalate. 

President Donald Trump posted to Twitter on Tuesday that “Any attack by Iran on anything American will be met with great and overwhelming force.  In some areas, overwhelming will mean obliteration.”  

That comment appeared to be in response to a statement by Iran’s President Hassan Rouhani that his country would not be intimidated by U.S. sanctions.

Cipher Brief expert and former National Intelligence Manager for Iran, Norm Roule, told us this week that his regional contacts “…have seen a spike in Iranian cyberattacks over recent months.  I expect this to continue until Iran’s Supreme Leader believes that the regime will be punished for such operations.”  

Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency issued a warning over the weekend that “malicious cyberactivity” was on the rise. “Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to so much more than just steal data and money,” said Krebs in a statement posted to Twitter.  “These efforts are often enabled through common tactics like spear phishing, password spraying and credential stuffing.  What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.” 

Back in 2011 and running through 2013, Iran conducted distributed denial of service attacks, or DDoS attacks (Distributed Denial of Service) against a large number of U.S. banks, including some of the largest banks in New York City.

In 2016, The Justice Department handed down an indictment on seven Iranian hackers who they believed were acting on behalf of the Iranian government.

“I know that the perception is that Iran attacked U.S. banks because of the sanctions that Treasury had implemented as part of a broader U.S. international policy to address Iran’s nuclear weapons programs,” says Leslie Ireland, a Cipher Brief expert and former Assistant Secretary of the Treasury for Intelligence and Analysis. “I wouldn’t be surprised if U.S. banks were again subject to cyberattack, but I’d also point out that when the U.S. has sanctioned Iran, the sanctions were against a range of industries. It wasn’t just against the financial sector, but the airline sector, the Iranian shipping line, IRISL, was targeted. I think if you think this through from an Iranian perspective of trying to understand what they would consider to be a proportionate attack, I would encourage other industries, parts of our critical infrastructure, to consider the possibility that Iranian cyber actors could come after them as well.”

When it comes to how U.S. businesses should be thinking about the threat in light of the latest warnings, FBI Deputy Assistant Director Tonya Ugoretz told The Cipher Brief that “Cyber is a means for nation-states to achieve their strategic objectives, so it’s important to consider the geopolitical environment when assessing risk and network defenses. As Department of Justice indictments have shown, Iran has a history of both cyber espionage and disruptive and destructive cyberattacks. In addition to employing cyber hygiene best practices, we are all safer when we are forward-leaning in sharing information about suspicious activity – both across and between the government and private sector.”

The Cipher Brief tapped a number of other cyber experts with government and private sector backgrounds, to get a well-rounded take on today’s increased threat to U.S. businesses. We asked them what the latest provocations mean for business and which sectors are most likely to be targeted, as well as their advice on the top three things businesses should be doing right now to harden their defenses.

This is Cipher Brief Level I Member Only content. It can be accessed via login or by signing up to become a Cipher Brief Member.  Joining this high-level, security-focused community is only $10/month (for an annual $120/yr membership). What a great and inexpensive way to Feed Your Need to Know.

LAUNCHING IN JULY:  The Cyber Initiatives Group, powered by The Cipher Brief.  The CIG is a public-private sector group of cyber professionals who share observations, high-level thought and expert perspective on cyber issues impacting all of today’s businesses.

With a team of principals including Former CIA and NSA Director, General Mike Hayden (Ret.), former NSA Director, General Keith Alexander (Ret.), former Deputy NSA Director Rick Ledgett, former NCTC Director Matt Olsen, former Vice Chairman of the Joint Chiefs of Staff, Adm. Sandy Winnefeld and former DHS Deputy Undersecretary for Cybersecurity, Mark Weatherford, the new Cyber Initiatives Group will focus on connecting experts in ways that share best practices on cybersecurity. 

If you’re interested in becoming an inaugural member or sponsor of this thought leadership group, please send an email to [email protected] and we will send you an invitation to join the conversation. 

‘I’m excited to facilitate this critical cyber conversation and to be working with leaders from across the private sector as they tackle the very difficult cyber issues that impact every company doing business today.’  – Michael V. Hayden