Iranian Hacker image from Bank of America

High phishing alert in preparation for Iranian retaliation

Government agencies and private sector organisations are on high alert in preparation for potential cyber retaliations from Iranian state-backed hackers.

Experts from government intelligence and security organisations are issuing warnings over the likelihood that Iran may resort to social engineering and phishing attacks in retaliation for the US air strike which killed Iranian commander Qasem Soleimani in Baghdad, Iraq, last Friday.

Though several websites have already been defaced with pro-Soleimani messages, the attacks are not being seen as a significant cause for concern.

Pro-Iranian message posted on the Federal Depository Library Program’s website.

What is causing a stir and unrest is the growing anticipation of social engineering and phishing-based attacks aimed at disrupting US infrastructure. Officials are suggesting these attacks could focus on municipal IT systems, US military and healthcare facilities, and energy stations, including oil and gas facilities.

There are also fears that the heightened emotions circulating in the Shiite Islamic world could give rise to hacker groups banding together to create much stronger international assault collectives. Groups from Syria and Lebanon have already shown their support.

“We watched the funeral march closely, in the sense that that’s a lot of emotion, that when harnessed alongside a pretty substantial cyber capability, is going to represent longer term fallout than just a few small site takedowns…”

Anonymous US Treasury Official

The US Department of Homeland Security (DHS) have issued a Terrorism Advisory Bulletin which details possible repercussions of the air strike.

Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.

Other hostile nations, including China and Russia, could use this media storm as a smoke-screen to launch their own attacks. It would not be the first time Russia had used Iran to cover its tracks.

The isolation and lack of support given to Iran by other global leaders has actually worked in its favour when it comes to its cyber capabilities. The lack of import-export infrastructure has given rise to a wealth of highly skilled practical engineers, versed in building appliances, applications and technology. Iran can also operate with relative autonomy with regard to cyber attacks and has little incentive to hide its actions.

“In the past, whether it be contractors or other hired guns, those who conduct these types of attacks at the government direction are much less likely to experience any consequences. We can’t really get into Iran to prosecute. It allows them to operate with more freedom and try different types of attacks, they’re not terribly shy in terms of hiding themselves. Based on what I’ve seen, we haven’t seen anything just yet. Actual retaliation, it’s currently being thought through right now by them.”

Darren Van Booven – Lead Principal Consultant, Trustwave SpiderLabs

Many organisations are seeking additional Security Awareness Training for their staff, and we encourage all readers to educate their users on the dangers of phishing emails and other email-borne attacks.

We have also created a tool that shows how many of your users are susceptible to clicking on phishing emails. Check it out here: Free Click-Prone® Test.

As we enter 2020 and uncertain times ahead, be certain of your staff’s ability to maintain your organisation’s security.
