The US public and private sector are on high alert for cyber retaliation from Iranian state-backed hackers following the killing of the country’s top military commander Qassem Soleimani in a US drone strike last week. Experts are warning that potential attacks on critical IT systems and new disinformation efforts out of Iran are likely.
Government officials and cybersecurity experts are anticipating this may come in the form of cyber attacks focused on disrupting anything from corporate and municipal IT systems to transit, logistics, healthcare or US military facilities.
Over the summer, US homeland security warned about an increase in so-called “wiper” attacks from the Iranian regime and its proxies, aimed not just at deleting data but often at bringing down entire networks.
John Hultquist, director of intelligence analysis at FireEye, said: “Tearing the grid down is probably outside [Iran’s] capability. But they could cause serious destruction . . . [through] attacks that essentially wipe live [IT] systems clean.”
Iran was linked to large “denial of service” attacks between 2011 and 2013 on US banks such as Bank of America, Capital One, J.P. Morgan and Wells Fargo, which made it difficult for customers to log into their accounts and access their money.
“[It’s] time to brush up on Iranian TTPs [tactics, techniques and procedures] and pay close attention to your critical systems, particularly ICS [industrial control systems],” Chris Krebs, director of the US Department of Homeland Security’s cyber division, said on Twitter. Groups should be monitoring who has third-party access to their systems, he added.