Iran has vowed to retaliate against the United States following the killing of Iranian military commander Qassem Soleimani last week in Baghdad, Iraq, by a U.S. drone strike. The escalation of tensions between the two countries has caused concern on the web as “World War III” has been trending on Twitter and in Google searches. While the prospect of armed conflict with Iran has now increased in likelihood, the much more imminent threat is from Iranian cyber attacks attempting to disrupt U.S. businesses and infrastructure.
Probing for Weaknesses
There have already been three documented low-level hacks on government sites since the killing of Soleimani. Over the weekend the Federal Depository Library Program website was defaced by a group claiming to be Iranian hackers. The website displayed a photo of President Trump bleeding from the mouth and being punched in the face, superimposed over a map of Iran. The image was accompanied by a pro-Iranian message.
The Federal Depository Library Program gives the public access to government documents, including bills and studies. The hack took the site down for 24 hours. A spokeswoman for the Cybersecurity and Infrastructure Security Agency, a sub-department of the Department of Homeland Security, released a statement saying the attack exploited a “misconfiguration” in the website’s content management system. Such misconfigurations are extremely common attack vectors used by hackers against U.S. businesses.
This attack was followed by a hack of the Texas Department of Agriculture website on Tuesday. Similar to the hack of the Federal Depository Library Program, the Texas Department of Agriculture website was defaced to display an image of Soleimani, with “Shield Iran” claiming responsibility. The South Alabama Veterans Council site was also targeted with the same defacement. That site has not yet come back online as of this writing.
It is unclear whether these hacks were ordered by Iran or even originated in the country. The Iranian government has been known to contract hackers to conduct attacks, but it has also conscripted hackers who are allowed to act without explicit orders. While Iran does not have the cyber attack capabilities of nations like Russia, China and the United States, it still has considerable firepower and appears to be probing the country for weaknesses.
Danger to U.S. Businesses
In 2012, Iranian hackers displayed their capabilities when they conducted an attack on Saudi Aramco, the Saudi Arabian national oil company. The attack used a virus known as Shamoon to damage 30,000 computers and shut down the company’s main internal network for over a week. The goal of the attack was to disrupt oil and gas production.
It’s this ability to be disruptive that U.S. businesses should be most concerned with, especially those entities that are tangentially related to the U.S. government. Government contractors and those companies that are part of the supply chain for contractors are at particularly considerable risk.
The risk profile of the average business has now been elevated because Iranian hackers are more likely to disrupt day-to-day business. Those that work within the government supply chain, critical infrastructure (utilities, electric, manufacturing), oil and gas, government software development, etc. are now in an elevated threat position.
The Federal Information Security Management Act (FISMA) was enacted specifically to regulate and enforce data compliance standards on government entities and government contractors. The requirements of FISMA should be the basis of every business’s cybersecurity plan. Unfortunately, most businesses, government contractors or otherwise, fail to abide by even basic cyber safeguards, leaving themselves vulnerable. The federal government simply does not have the resources to help protect the average business owner because its priority is protecting government-owned entities.
The Department of Homeland Security issued a bulletin that said in part:
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S. based targets. Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects…”
Cyber attacks on the country have become a much larger issue for the public since the hacks surrounding the 2016 presidential election. Nation-state-affiliated hacks are increasingly on the rise, with nearly a quarter of all data breaches being attributed to nation-state actors. With tensions with Iran heightened and 2020 once again an election year, this year may see more state-sponsored cyber attacks than ever before.