Story image

Cyberattacks imminent for Western businesses due to Trump’s actions

10 May 18

There are to be some serious cybercrime implications following on from Trump’s scandalous announcement that the US would not renew the waivers on sanctions against Iran.

That’s according to a report from Recorded Future that was published today that analysed the Iran cyberthreat.

Recorded Future director of strategic threat development Priscilla Moriuchi says President Trump’s actions have placed American businesses at increased risk for retaliatory and destructive cyberattacks by the Islamic Republic.

“We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyber attacks by Iranian state-sponsored actors,” says Moriuchi.

“Further, our research indicates that because of the need for a quick response, the Islamic Republic may utilise contractors that are less politically and ideologically reliable (and trusted) and as a result, could be more difficult to control. It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed."

The report states that since at least 2009 the Islamic Republic has regularly responded to sanctions or perceived provocations by conducting offensive cyber campaigns.

According to Recorded Future, the Islamic Republic has traditionally preferred to use proxies or front organisations both in physical conflict and cyberattacks to achieve their policy goals.

Iran faces the prospect of negative economic impact as instead of renewing the waivers on sanctions against the nation, the US will impose additional economic penalties, the combinations of which amounts to a de facto US withdrawal from the 2015 Joint Comprehensive Plan of Action (JCPOA) that is commonly referred to as the ‘Iran nuclear deal’.

“We assess, based on Iran’s previous reactions to economic pressure, that with President Trump’s exit from the JCPOA, Iran is likely to respond by launching cyberattacks on Western businesses within months, if not faster,” the report states.

“Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyberattacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy.”

Some of the key judgements from the report include:

  • Due to needing to act quickly, Iranian cyber response will be staffed and executed by capable, but less trusted contractors, resulting in the Islamic Republic possibly having difficulty controlling the scope and scale of the destructive cyberattacks once they have begun. 

  • The Islamic Republic operates with embedded paranoia, where ultimately, no one can be trusted.
  • Iranian cyber operations are administered via a tiered approach, where an ideologically and politically trusted group of middle managers translate intelligence priorities into segmented cyber tasks which are then bid out to multiple contractors.
  • Based on Recorded Future’s source’s conversations with other hackers in Iran, there are over 50 estimated contractors vying for Iranian government-sponsored offensive cyber projects.
  • According to Insikt Group’s source, to find and retain the best offensive cyber talent, Iranian government contractors are forced to mine closed-trust communities.
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.