Cyber Strike vs Air Strike
Iran has vowed revenge after the killing early Friday of the Iraq Revolutionary Guard General Qasem Soleimani. One likely way Iran could retaliate is through cyber-attacks, experts say. According to CNN, a website operated by the little-known Federal Depository Library Program, fdlp.gov, was hacked and defaced on Saturday, 4 January, and has been taken offline.
This attack, which is claimed to have been carried out by Iranian hackers, did not take the server down. Instead, the attackers changed the DNS information for the domain so that traffic was redirected to their own site. The US server was untouched, which means the defacement can be fixed by changing the DNS entry back. The attack was probably enabled by a social engineering attack on whoever administers the domain registration. Given how easily social media can amplify such a hack, it may hypothetically have been done by a sympathizer or proxy group rather than by the Iranian government itself.
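Because the defacement described above changed only the domain's DNS data and not the server, the first question for a responder is where the change was made: at the registrar (the delegation itself) or in the hosted zone (the records). The following Python is an added example, not code from the article or from fdlp.gov, that triages this from a recorded baseline; the name servers and addresses are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, Set


@dataclass(frozen=True)
class DnsSnapshot:
    """Records observed for one domain at one point in time."""
    ns: FrozenSet[str]   # authoritative name servers (the delegation)
    a: FrozenSet[str]    # A records of the web host (zone content)


@dataclass
class Finding:
    level: str                 # "registrar", "zone" or "none"
    added: Set[str] = field(default_factory=set)
    removed: Set[str] = field(default_factory=set)
    remediation: str = ""


def classify_dns_change(baseline: DnsSnapshot, observed: DnsSnapshot) -> Finding:
    """Decide where a DNS change was made by comparing against a trusted baseline.

    A changed NS set means the delegation itself was altered, which normally
    happens through the registrar account (the social-engineering path the
    article suspects). Only the A records changing points at the zone hosted
    by the DNS provider, so the fix belongs there.
    """
    if observed.ns != baseline.ns:
        return Finding("registrar",
                       set(observed.ns - baseline.ns), set(baseline.ns - observed.ns),
                       "restore NS delegation at the registrar, lock the domain, "
                       "reset registrar account credentials and enable MFA")
    if observed.a != baseline.a:
        return Finding("zone",
                       set(observed.a - baseline.a), set(baseline.a - observed.a),
                       "revert A records at the DNS provider and review its audit log")
    return Finding("none", remediation="records match baseline")


# Constructed sample data using RFC 5737 documentation addresses; these are
# placeholders, not the real fdlp.gov name servers or IPs.
BASELINE = DnsSnapshot(ns=frozenset({"ns1.example-hoster.net", "ns2.example-hoster.net"}),
                       a=frozenset({"192.0.2.10"}))
REGISTRAR_HIJACK = DnsSnapshot(ns=frozenset({"ns1.attacker-dns.example"}),
                               a=frozenset({"198.51.100.7"}))
ZONE_CHANGE = DnsSnapshot(ns=BASELINE.ns, a=frozenset({"198.51.100.7"}))

if __name__ == "__main__":
    for name, snap in [("registrar hijack", REGISTRAR_HIJACK),
                       ("zone change", ZONE_CHANGE), ("clean", BASELINE)]:
        f = classify_dns_change(BASELINE, snap)
        print(f"{name}: level={f.level} added={sorted(f.added)} -> {f.remediation}")
```

In practice the observed snapshot would come from querying the root/TLD servers for NS and the authoritative servers for A, while the baseline is recorded at provisioning time and stored outside the DNS path.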
In 2006, analysts of the United States Air Force (USAF, https://www.airforce.com) introduced the term Advanced Persistent Threats (APTs) to describe attacks on governments and commercial organizations, although APTs also often target the valuable information found in smaller organizations. Frequently, due to a lack of security technologies and expertise, these network infections remain undiscovered, so the operators behind APTs are rarely caught. As APT attacks are a marathon, not a sprint, it is certainly possible that destructive payloads planted earlier by Iranian cyber agents in U.S. infrastructure will now be triggered.
In practice, APTs can be based on software, hardware, social engineering or some combination of the three. To this end, attackers coordinate their campaigns across various delivery channels, including email, the Web, social media and legitimate files. APTs generally do not cause damage to company networks or local machines; instead, their goal is most often data theft.
Iran has a long history of politically motivated cyber-attacks across the world and possesses strong cyber capabilities. For example, from late 2011 to mid-2018 a series of disruptive denial-of-service attacks knocked the websites of major U.S. banks such as JPMorgan Chase, Bank of America and Wells Fargo offline, making it difficult for customers to log in to their accounts and access their money.
As the U.S. prepares for its presidential elections, there are opportunities for Iranian hackers to cause real disruption and destruction with a new version of malware designed to manipulate computer systems. A handful of malicious files has already been at work silently sabotaging systems at outside companies that are believed to be connected in some way to the election process.
As history has shown, Iran can retaliate against the U.S. by targeting industry. Potential targets include companies that are involved in industrial control systems. Businesses should at least consider saving data to another location and verifying that their backups actually work. The US needs hardened protection against cyber-attack. Last but not least, a few questions still remain to be answered:
Is it high time to count down to a digital weapon strike back after the assassination of Iran's top general? Is a handful of malicious files the proper response for Iran to save face, rather than escalating the fight to traditional warfare or a nuclear attack?
Would an increase in Iranian cyber activity be considered equivalent to the loss of life?
Bibliography:
https://edition.cnn.com/2020/01/05/tech/iran-cyberattacks-retaliation/index.html
https://www.bloomberg.com/news/articles/2016-03-24/u-s-charges-iranian-hackers-in-wall-street-cyberattacks-im6b43tt
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/