FT: US on high alert for cyber attacks

The US public and private sector are on high alert for cyber retaliation from Iranian state-backed hackers following the killing of the country’s top military commander Qassem Soleimani in a US drone strike last week. Experts are warning that potential attacks on critical IT systems and new disinformation efforts out of Iran are likely.

Government officials and cybersecurity experts are anticipating this may come in the form of cyber attacks focused on disrupting anything from corporate and municipal IT systems to transit, logistics, healthcare or US military facilities.

Over the summer, US homeland security warned about an increase in so-called “wiper” attacks from the Iranian regime and its proxies, aimed at deleting not just data but often bringing down entire networks.

John Hultquist, director of intelligence analysis at FireEye, said: “Tearing the grid down is probably outside [Iran’s] capability. But they could cause serious destruction . . .[through] attacks that essentially wipe live [IT] systems clean,” he added.

Iran was linked to attacks between 2011 and 2013 on US banks such as Bank of America and Capital One, as well as J.P. Morgan, Bank of America and Wells Fargo with large “denial of service” attacks, making it difficult for customers to log into their accounts and access their money.

“The banks were overwhelmed by huge amounts of traffic that caused their websites to crash. Seven Iranians were indicted in 2016 by a New York grand jury for the hacking. The seven were employed by two Iranian companies that worked for the Iranian government,” according to CNN Business. The US Treasury has also issued sanctions against several Iranian companies associated with state and military entities for cyber attacks.

“[It’s] time to brush up on Iranian TTPs [tactics, techniques and procedures] and pay close attention to your critical systems, particularly ICS [industrial control systems],” Chris Krebs, director of the US Department of Homeland Security’s cyber division, said on Twitter. Groups should be monitoring who has third-party access to their systems, he added.

Read the full article

Related Posts

Previous Post
ESMA provides 12 month extension on LEIs for non-EU counterparties under SFTR
Next Post
ESMA publishes final Guidelines on reporting under Articles 4 and 12 SFTR

Fill out this field
Fill out this field
Please enter a valid email address.


Reset password

Create an account