National security experts believe that Iran’s retaliation against the U.S. targeted attack that killed its top general will likely include cyberattacks. Iran’s state-backed hackers are already among the world’s most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.
Potential targets include manufacturing facilities, oil and gas plants, and transit systems. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.
Such cyberattacks by Iran are not unprecedented. In 2012 and 2013, in response to U.S. sanctions, Iranian state-backed hackers carried out a series of disruptive “denial-of-service” attacks that knocked offline the websites of major U.S. banks, including Bank of America, as well as those of the New York Stock Exchange and NASDAQ. Two years later, they wiped servers at the Sands Casino in Las Vegas, crippling hotel and gambling operations.
The disruptive hacks on U.S. targets eased when Tehran entered into the now-defunct nuclear deal with the Obama administration in 2015. Now, in the aftermath of the killing of Gen. Qassem Soleimani and the scrapping of that nuclear deal, it is highly probable that such attacks will resume.
“Our concern is essentially that things are going to go back to the way they were before the agreement,” said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. “There are opportunities for them to cause real disruption and destruction.”
Iran has been doing a lot of probing of critical U.S. industrial systems in recent years — trying to gain access — but has limited its destructive attacks to targets in the Middle East, experts say. It’s not known whether Iranian cyber agents have planted destructive payloads in U.S. infrastructure that could now be triggered.
“It’s certainly possible,” Hultquist said. “But we haven’t actually seen it.”
While there is reason for concern, especially since Iran has been increasing its cyberattack capabilities, the experts agree that its ability to conduct such an assault on U.S. targets “is not in the same league as China or Russia.”
Still, cybersecurity experts say the threat should not be taken lightly. Iran is widely believed to have been behind a devastating 2012 attack on Aramco, the Saudi oil company. That attack is said to have wiped the data from more than 30,000 computers.
The top cybersecurity official at the Department of Homeland Security, Christopher Krebs, urged companies and government agencies to refresh their knowledge of Iranian state-backed hackers’ past exploits and methods after Soleimani’s death was announced. “Pay close attention to your critical systems,” he tweeted.
In June, Krebs warned of a rise in malicious Iranian cyber activity, particularly attacks using common methods like spear-phishing that could erase entire networks: “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”