New Iranian Cyber Warfare Puts U.S. Networks at Risk

Brian Thomas | June 28, 2019

As tensions between the U.S. and Iran continue to heat up, a cyber war is already underway between the two nations.

This past weekend, in response to the attacks on oil tankers in the Gulf of Oman and the downing of a surveillance drone, the U.S. launched a successful cyberattack on the computer systems that control Iran’s rocket and missile launchers.

Not to be outdone, Iran quickly struck back. On June 23, 2019, the Department of Homeland Security (DHS) issued a warning that Iran began directing “malicious activity” at U.S. industries and government agencies by using “destructive wiper malware.”

Destructive “wipers” target U.S. organizations

Unlike ransomware, the malware used in these wiper attacks can “do much more than steal data and money,” said DHS Cybersecurity and Infrastructure Agency Director Christopher Krebs. Indeed, they can destroy entire systems or data and cause financial and reputational damage to impacted organizations.

“These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” Krebs explained.

This new frontier of warfare is alarming, but not new. Last year, the Carnegie Endowment for International Peace, a global network of policy research, issued a report charting the progression of the four-decade-long U.S.-Iran cold war into the realm of cyberspace: “Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet.” In 2014, Iran launched attacks against Israel’s internet infrastructure. The following year, Iranian hackers instigated a 12-hour power outage in Turkey, impacting 40 million people. And in 2017, the emails of 90 MPs in the British parliament were compromised, supposedly in an attempt to compromise the Iran nuclear deal.

The events of recent days are different because they target both the public and private sector. U.S. cyber intelligence firms report that this latest wave of attacks has already targeted the finance, gas, and oil markets. As tensions ratchet up, organizations can expect to see more overt use of these cyber weapons to disrupt the economy, manufacturing, and national infrastructure.

Can the government help?

The current cyber war highlights the fact that cyberattacks continue to pose enormous risk to companies and organizations. A new report found that 45% of executives say that defending against such attacks is their single biggest risk in the next 12 months.

Alarmingly, they say it’s a risk they face alone. Sixty-two percent report that they lack confidence that the government can protect them against cyberattacks, while 72% are “not at all confident” that the federal government will help them protect customer data.

Speaking to CNBC, our own CTO, Stephen Boyer, concurs: “Over the last few years, private companies have realized that they are mainly responsible for combating cyberattacks on their own and that government agencies do not provide reliable protections. That realization means the private sector is spending more time and effort protecting themselves and looking at how to make more informed risk decisions within their own organization instead of seeking help from government agencies.”

“If the goal is to build a more secure global ecosystem, that cannot just be a technology fix. It needs to be a global diplomacy commitment to try and create a more trusted ecosystem,” he said.

Trust, but verify the hidden risk in your networks

Shoring up your basic defenses is critical to protecting your organization from such attacks. But that’s just step one.

The second step borrows from President Ronald Reagan’s English translation of a Russian proverb – “trust, but verify,” which he used during the nuclear disarmament negotiations with Mikhail Gorbachev.

Never assume that there aren't any vulnerabilities in your information security systems or those of your third-party partners or vendors. Purchasing the latest security solutions doesn’t always ensure systems are secure. Organizations must be prepared to monitor not only their own security status but also that of their vendors – on a continuous and global basis – to limit the number of vulnerabilities in their supply chain.

With intelligence on compromised systems, security diligence, and user behavior risks, you can take significant steps towards reducing the risk for your company and customers.

Trust, verified.
