Cyber Threat Brief: Iran

Changes in Iranian-US Relations Likely to Result in Increased Cyber Attacks on US Infrastructure

On Sunday, July 22nd, United States President Donald Trump and Iranian President Hassan Rouhani exchanged threatening messages via Twitter, with implications of war between the U.S. and Iran. While there is talk about restriction of oil shipments transiting the Strait of Hormuz, there is also a significant threat in cyberspace.

Preparations for Cyberwarfare

The U.S. has been preparing for an expected increase in cyberattacks from Iran since the May 2018 withdrawal from the Iranian nuclear deal. Just last week at the 2018 Aspen Security Forum, U.S. officials announced that Iranian hackers had laid the groundwork for extensive attacks against the United States.

Critical Infrastructure at Risk

Government-backed Iranian hackers are known for conducting cyber attacks against critical infrastructure. These attacks are notoriously motivated by economic or political vengeance. In 2012, Iranian hackers performed a Denial of Service (DoS) attack that disabled nearly all of the major U.S. banks' websites. This attack occurred immediately after the U.S. tightened its economic sanctions on the nation and limited many countries’ trade with Iran. Since the nuclear sanctions were decreased, Iranian hackers have scaled back their attacks against the United States, but have continued to target critical infrastructure abroad and further develop their hacking skills. The August 2017 attack against Saudi Arabian oil and energy companies is suspected to be a form of practice for similar infrastructure attacks against the United States. Now that tensions have escalated, the likelihood of such cyberattacks has increased.

Possible targets in the U.S. could include organizations involved in both physical and financial infrastructure, particularly those involved in energy or that have business dealings connected to Israel. Iran’s cyber attackers are not completely integrated into the Iranian government (as evidenced by the many attacks the nation has faced from within), but attacks targeting traditional Iranian enemies and those associated with them are common. Iranian hackers often target physical operations, use zero-day exploits, and design attacks that maximize disruption and financial loss to the target.