New Iranian Cyber Warfare Puts U.S. Networks at Risk

As tensions between the U.S. and Iran continue to heat up, a cyber war is already underway between the two nations.

This past weekend, in response to the attacks on oil tankers in the Gulf of Oman and the downing of a surveillance drone, the U.S. launched a successful cyberattack on the computer systems that control Iran’s rocket and missile launchers.

Not to be outdone, Iran quickly struck back. On June 23, 2019, the Department of Homeland Security (DHS) issued a warning that Iran began directing “malicious activity” at U.S. industries and government agencies by using “destructive wiper malware.”

Destructive “wipers” target U.S. organizations

Unlike ransomware, the malware used in these wiper attacks can “do much more than steal data and money,” said DHS Cybersecurity and Infrastructure Agency Director Christopher Krebs. Indeed, they can destroy entire systems or data and cause financial and reputational damage to impacted organizations.

“These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” Krebs explained.

This new frontier of warfare is alarming, but not new. Last year, the Carnegie Endowment for International Peace, a global network of policy research, issued a report charting the progression of the four-decade-long U.S.-Iran cold war into the realm of cyberspace: “Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet.” In 2014, Iran launched attacks against Israel’s internet infrastructure. The following year, Iranian hackers instigated a 12-hour power outage in Turkey, impacting 40 million people. And in 2017, the emails of 90 MPs in the British parliament were compromised, supposedly in an attempt to compromise the Iran nuclear deal.

The events of recent days are different because they target both the public and private sector. U.S. cyber intelligence firms report that this latest wave of attacks has already targeted the finance, gas, and oil markets. As tensions ratchet up, organizations can expect to see more overt use of these cyber weapons to disrupt the economy, manufacturing, and national infrastructure.

Can the government help?

The current cyber war highlights the fact that cyberattacks continue to pose enormous risk to companies and organizations. A new report found that 45% of executives say that defending against such attacks is their single biggest risk in the next 12 months.

Alarmingly, they say it’s a risk they face alone. Sixty-two percent report that they lack confidence that the government can protect them against cyberattacks, while 72% are “not at all confident” that the federal government will help them protect customer data.

Speaking to CNBC, our own CTO, Stephen Boyer concurs: “Over the last few years, private companies have realized that they are mainly responsible for combating cyberattacks on their own and that government agencies do not provide reliable protections. That realization means the private sector is spending more time and effort protecting themselves and looking at how to make more informed risk decisions within their own organization instead of seeking help from government agencies.”

“If the goal is to build a more secure global ecosystem, that cannot just be a technology fix. It needs to be a global diplomacy commitment to try and create a more trusted ecosystem,” he said.

Trust, but verify the hidden risk in your networks

Shoring up your basic defenses is critical to protecting your organization from such attacks. But that’s just step one.

The second step borrows from President Ronald Reagan’s English translation of a Russian proverb – “trust, but verify,” which he used during the nuclear disarmament negotiations with Mikhail Gorbachev.

Never assume that there aren't any vulnerabilities in your information security systems or those of your third-party partners or vendors. Purchasing the latest security solutions doesn’t always ensure systems are secure. Organizations must be prepared to monitor their own security status, but also that of their vendors – on a continuous and global basis – to limit the number of vulnerabilities in their supply chain.

With intelligence on compromised systems, security diligence, and user behavior risks, you can take significant steps towards reducing the risk for your company and customers.

Trust, verified.