Is Cyber Retaliation from Iran Imminent?

We are three days into 2020, and the world is already on high alert. For reasons that remain unknown because they are classified, the US government yesterday evening killed the prominent Maj. Gen. Qasem Soleimani in an overnight airstrike at the Baghdad airport. In the mere hours since the killing, we have seen Americans urged to evacuate Iraq, oil prices spike, and Iran’s supreme leader vow a ‘forceful revenge’.

Waiting for Cyber Retaliation

Now, the public waits in uncertainty over what exactly this revenge might look like, and who may be hurt in the aftermath. Part of Iran’s retaliation will likely take the form of a cyberattack with the potential to target United States infrastructure across the public and private sectors.

“The undeniable truth here is that the U.S. took action and now we the public wait and see the response. This can’t be ignored in the game of nations, and Iran's response will most likely include a cyber response. It would be foolish to think that Iran will simply ratchet up its offensive capabilities against the U.S. and other nations as a result of today's news. In fact, Iran is an intelligent cyber opponent with an army of people testing our systems every minute of every day. It is the ultimate game of cat and mouse.”

- Sam Curry, CSO, Cybereason

Cyberattacks from Iran to the United States

This kind of attack would not be out of the ordinary for a country like Iran, which for a long while has posed one of the three biggest cyber threats to the United States. The US and Iran have long been at odds on the global stage, starting more publicly with history’s first known cyber-war back in 2013.

In 2012 and 2013, U.S. intelligence agencies attributed a targeted attack on Wall Street to an Iranian-sponsored group as retaliation for sanctions by the US on Iran. In 2016, Iranians were indicted for gathering intelligence about and attempting to control a dam in a suburb of New York. As of 2018, Iranian hackers were exposed for stealing terabytes of data from US companies, universities, and agencies. More recently, Iran has spent the last several years infiltrating US networks as it tries to spread its influence outside of the oil industry.

“At Cybereason, we regularly see Iranian-based threat actors spear phishing using various techniques through 3rd parties, WhatsApp, Facebook, and other links, etc. alongside web-facing interface attacks.”

- Mor Levi, VP of Security Practices, Cybereason

From these larger attacks to the quiet, day-to-day infiltrations that continue behind the scenes, it’s clear that Iran has been preparing for future geopolitical conflict by gaining access to critical infrastructure and other important operations in the United States. The extent of that access is unknown.

“An attack against the financial systems can be devastating economically and weaken the confidence and viability of markets. However, we cannot ignore the physical consequences and manifestations that can come from a cyberattack, particularly against critical infrastructure like energy and industry control systems. If Iran does pose a retaliatory strike, it’s very probable that cyber means would be used as a low cost, highly effective attack vector.”

- Anne Marie Zettlemoyer, Visiting Fellow, National Security Institute


Likelihood of Cyberwarfare by the US to Carry Out the Drone Strike

Even the drone strike by the US yesterday was likely aided by cyberwarfare between the two countries. How was the United States able to place the drone strike so precisely?

“The successful surgical strike at the precise time, location & transport likely leveraged persistent intelligence access to the targeted individual’s schedule information, which is often acquired via offensive cyber means, and very often is not as well secured as other confidential data types. With counter-assassinations now being on the table as an eye-for-an-eye retaliation option, there’s a need to re-assess the security of schedule & calendar information of high-ranking officials, particularly ones stationed overseas.”

- Israel Barak, CISO, Cybereason

We may take for granted the importance of securing high-ranking officials’ calendars and schedules. But when planning a devastating attack resulting in physical harm like a drone strike, this information is the linchpin to ensuring a successful attack.

The Future Uncertainty

By executing this strike against such a high-profile target, the United States has all but ensured that Iran has control over whether to take the next step and further escalate this situation. Further, the playing field has been leveled to the point where a drone strike on a high-ranking official of a sovereign nation is an expected or acceptable action. Where will this leave the Iranian response?

“This is serious enough that Director Krebs of CISA warned about Iranian 'wiper' attacks in the wake of the incident. This means that Iran's "forceful revenge" response is likely to be less about the flash and all about the bang. If you have connected systems that are responsible for kinetic world effects, like ICS systems and critical infrastructure around water, energy or vital services, it's time to pay attention. Iran and the US are engaged in Cyber brinksmanship, which means that the gloves are off as Iran picks its targets.”

- Sam Curry, CSO, Cybereason

This weekend and throughout the next week, expect to see military, business, and cybersecurity professionals alike bracing for any retaliatory actions Iran might undertake.


Cybereason Team