The US Department of Homeland Security (DHS) has issued a rare security alert warning about the increased likelihood of cyber attacks originating from Iran.
President Trump ordered a drone strike on an Iranian convoy last week, killing top general Qasem Soleimani. Trump claims Soleimani was a “terrorist leader who had just killed an American, & badly wounded many others, not to mention all of the people he had killed over his lifetime, including recently hundreds of Iranian protesters. He was already attacking our embassy, and preparing for additional hits in other locations.”
To many Iranians, Soleimani was seen as a hero in the fight against ISIS and thousands have turned out in Tehran to mourn his death. On the world stage, Soleimani was often seen as being responsible for organising attacks and destabilising actions through Iran-linked proxies such as Hizballah and supporting Assad’s regime.
Iran has promised retaliation for the death of Soleimani but is unlikely to declare traditional war on the US. However, Iran will almost certainly find itself at war if it decides to carry out a military strike on any US personnel or assets. Instead, Iran may opt to increase its use of other means such as cyber attacks.
The DHS has only issued a handful of NTAS (National Terrorism Advisory System) alerts since the system went live in 2011. The most recent alert was published a day after the US drone strike killed Soleimani and stated: “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Iran-linked cyber attacks
Iran has been linked to many cyber attacks, including attacks against US firms and universities, operators of industrial control systems, and banks. Hackers linked to Iran also tried to influence Trump’s campaign and launched attacks against current and former US officials and journalists.
Furthermore, Iran even cut off the internet access of its own citizens during a protest in November. A recent letter suggests Iran will soon only allow citizens to access foreign websites that it whitelists, furthering the ambition it has talked about since 2005 of creating a “national internet”, which includes building copycats of popular foreign services to reduce outside influence and information.
Speaking to Bloomberg, James Lewis, senior vice president at the Center for Strategic & International Studies, said: “The Iranians are pretty capable and our defenses are uneven, so they could successfully attack poorly defended targets in the US. There are thousands, but they would want something dramatic.”
Iran is unlikely to launch any retaliatory attack during the three days of mourning for Soleimani. Some experts have even suggested that the US should be proactive about cyber defense and take measures to prevent an attack during this period.
Joe Slowik, an ICS malware hunter for Dragos, wrote in a blog post: "US (or US-associated elements) could use this period of Iranian uncertainty to disrupt or destroy command and control or infrastructure nodes required to control or launch retaliatory cyber strikes, nullifying such a capability before it could be called into action."
At the time of writing, no known official cyber attack has been launched from Iran in retaliation. Some low-level website defacements hit around 20 sites over the weekend, but the hackers do not appear to have any official affiliation with Tehran.