After President Trump ordered the killing of Qasem Soleimani, the head of Iran’s Quds Force (think: a hybrid of the CIA and the special forces), it’s no surprise that the situation is escalating. Soleimani was instrumental in Iran’s military power projection throughout the region and around the world, and he was one of the most powerful men in the country. Days after Ayatollah Ali Khamenei announced that there would be “severe retaliation” for the strike, Iran launched a barrage of ballistic missiles at U.S. positions in Iraq, and may have inadvertently downed a Ukrainian 737, killing all 176 people on board.
This attack didn’t take any American lives, which means the United States is under less pressure to escalate the situation even further. However, many security analysts are still concerned about the possibility of a different sort of Iranian provocation in the near future: a series of cyberattacks against the U.S. and our allies. Iran might bet that an attack of this kind would draw a more measured response from President Trump, such as retaliatory cyberattacks rather than military strikes. Crippling as cyberwarfare can be, if the conflict can be moved to a realm that avoids more bloodshed, neither side will be as motivated to launch additional physical attacks.
A U.S. Department of Homeland Security bulletin released on January 4, 2020 reports that “Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.” Iran has repeatedly demonstrated its ability to launch cyberattacks against targets in the United States and around the world — from major financial institutions to critical infrastructure.
For example, in March 2016 the U.S. Department of Justice indicted seven Iranians for a series of coordinated distributed denial-of-service (DDoS) attacks on 46 major American financial institutions, including JPMorgan Chase, Wells Fargo, and American Express. As then-U.S. Attorney General Loretta Lynch explained, “These attacks were relentless, they were systematic, and they were widespread.” As part of the same string of intrusions, one of the indicted hackers gained access to the control system of the Bowman Avenue Dam in Rye Brook, New York. The sluice gate that system controlled happened to be disconnected for maintenance at the time, so no damage was done, but the intrusion was a reminder that U.S. infrastructure could be targeted.
Other Iranian cyberattacks have been conducted on a much larger scale. The 2012 attack on Saudi Aramco ripped through roughly 30,000 computers, overwriting their hard drives and leaving behind images of a burning American flag. The hackers used the “Shamoon” malware to carry out this attack — a form of “wiper” that overwrites files and the master boot record of each infected machine, leaving it unable to boot and its data unrecoverable. While it’s likely that the Aramco attack involved someone with privileged access to the company’s networks, attacks can also be carried out remotely — by tricking employees into opening a malicious link or attachment, for instance.
According to the Center for Strategic and International Studies, in the past year alone, there have been Iranian attacks on manufacturers and industrial control systems, government officials, universities, and many other targets. It’s virtually certain that more attacks are on the way — and not just from Iran, as a surging number of states, organizations, and criminals are developing more and more sophisticated forms of cyberwarfare.
And on January 8, 2020, the state of Texas reported thousands of attempted cyberattacks originating from Iran — while local government agencies prepared for thousands more.
So what can companies do to keep themselves safe during this heightened time of cyber threats?
First, make sure all your endpoint protection software, operating systems, and applications — internet-facing ones above all — are patched and up to date, and verify that the updates actually landed rather than assuming they did. This should be a matter of basic cybersecurity hygiene, but it’s often overlooked.
Second, if you’re in a sector that’s a particularly tempting target for hackers (such as supply chain or critical infrastructure), stay up to date on the most likely attack vectors and know, in advance, the exact contacts in federal law enforcement you should reach out to in the event of a breach. Hunting for that phone number during an incident is the wrong time to learn it.
Third, most firewalls have the capability to block inbound traffic from specific countries in regions such as the Middle East and North Africa. Blocking that traffic could be worth considering in times of crisis, assuming it won’t have an inordinate negative impact on business. For example, if you only do business in the U.S., it would make sense to allow inbound traffic only from the U.S. while there are potential threats from abroad; an allowlist of that kind also drops traffic whose origin can’t be mapped at all. Two caveats: geolocation data is coarse and imperfect, and many bad actors will rent servers or compromise systems inside the countries they target, so a geo-filter is a noise-reduction step, not a defense on its own. It also does nothing against a phishing e-mail delivered through a U.S.-hosted mail provider. Test the rule against a sample of legitimate traffic before enforcing it.
But most importantly, ensure that your employees know how to protect themselves and the company by recognizing and reporting attempted cyberattacks. The easiest attack vector for state-sponsored hackers (or hackers of any kind) is to socially engineer an untrained workforce.
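To make the geo-filtering advice concrete, here is a small example, added for this article rather than taken from any firewall vendor, that evaluates connection log lines against a country policy in both modes: a blocklist that denies only named countries (and lets unmapped addresses through) and a U.S.-only allowlist that denies everything else. The country-to-prefix table and the log lines are constructed for illustration; the prefixes are documentation ranges, not real allocations, and a real deployment would load a maintained GeoIP feed. The last log line shows the caveat from the text: an attacker operating from a U.S.-hosted address passes both policies.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed, illustrative country-to-prefix table (documentation ranges,
# NOT real allocations). Production code would load a GeoIP database.
COUNTRY_PREFIXES: Dict[str, List[str]] = {
    "US": ["203.0.113.0/24", "198.51.100.0/25"],
    "IR": ["192.0.2.0/24"],
    "DE": ["198.51.100.128/25"],
}

# Parse once, longest prefix first so the most specific match wins.
_NETWORKS: List[Tuple[ipaddress.IPv4Network, str]] = sorted(
    ((ipaddress.ip_network(p), cc)
     for cc, prefixes in COUNTRY_PREFIXES.items() for p in prefixes),
    key=lambda t: t[0].prefixlen, reverse=True,
)

# Constructed firewall log lines in a simple key=value format.
SAMPLE_LOG = """\
2020-01-08T10:00:01Z action=accept src=192.0.2.17 dst=10.0.0.5 dport=443
2020-01-08T10:00:02Z action=accept src=198.51.100.200 dst=10.0.0.5 dport=443
2020-01-08T10:00:03Z action=accept src=8.8.8.8 dst=10.0.0.5 dport=22
2020-01-08T10:00:04Z action=accept src=203.0.113.77 dst=10.0.0.5 dport=3389
"""

_SRC_RE = re.compile(r"\bsrc=(\S+)")


def country_for(ip: str) -> Optional[str]:
    """Map an address to a country code, or None if no prefix covers it."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _NETWORKS:
        if addr in net:  # returns False for a version mismatch (v6 vs v4)
            return cc
    return None


def decide(ip: str, mode: str, countries: Set[str]) -> str:
    """Return 'allow' or 'deny' for one source address.

    mode='blocklist': deny only the listed countries; unmapped addresses pass.
    mode='allowlist': permit only the listed countries; unmapped addresses
                      are denied, which is the default-deny posture the
                      article recommends for a U.S.-only business.
    """
    cc = country_for(ip)
    if mode == "blocklist":
        return "deny" if cc in countries else "allow"
    if mode == "allowlist":
        return "allow" if cc in countries else "deny"
    raise ValueError(f"unknown mode {mode!r}")


def filter_log(log: str, mode: str, countries: Set[str]) -> List[Tuple[str, Optional[str], str]]:
    """Evaluate every line that carries a src= field; skip malformed lines."""
    results = []
    for line in log.splitlines():
        m = _SRC_RE.search(line)
        if not m:
            continue
        src = m.group(1)
        try:
            verdict = decide(src, mode, countries)
        except ValueError as exc:  # unparsable address, not a policy error
            if "mode" in str(exc):
                raise
            verdict = "deny"
        results.append((src, country_for(src) if verdict != "deny" or _is_ip(src) else None, verdict))
    return results


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for label, mode, cc in (("deny IR", "blocklist", {"IR"}),
                            ("US only", "allowlist", {"US"})):
        print(f"--- policy: {label} ---")
        for src, country, verdict in filter_log(SAMPLE_LOG, mode, cc):
            print(f"{src:16} {country or '??':3} {verdict}")
```

Run it and compare the two policies line by line: the Iranian-mapped source is denied under both, the German and unmapped sources are denied only by the allowlist, and the attacker-controlled U.S. address is accepted by both, which is why the filter belongs in front of patching and training rather than in place of them.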
When you make cybersecurity training and education a core focus of your company, you don’t just give employees the tools they need to counter cyberattacks — you make sure the all-too-real possibility of those attacks is top of mind. At a time when cyberthreats are all over the headlines, companies have a unique opportunity to open up a discussion about how they can defend themselves — and the country — from those who wish to do us harm.