By Jubin Katiraie
Experts are warning that a global response is necessary to repel the rising wave of cyberattacks on government and communications infrastructure worldwide by the
leading state sponsor of terror, Iran.
Michael Eisenstadt, Kahn fellow and Director of the Military and Security Studies Program at the Washington Institute for Near East Policy said, “Iran is increasingly active and a growing cyber threat, though it isn’t the most sophisticated actor.” He also explained, “But as past Russian hacking efforts in the US have shown, you don’t need to be technologically sophisticated to hack and then leak emails, causing embarrassment to adversaries.”
“Cyber holds a certain appeal” Eisenstadt continued, “because of the difficulty attributing responsibility for cyber-attacks, it provides Tehran with a degree of deniability. Perhaps most importantly, it allows Iran to strike its adversaries globally, instantaneously and on a sustained basis, and to achieve strategic effects in ways it can’t in the physical domain.”
The US, Israel, and Saudi Arabia one of the main targets for the Islamic Republic’s cyberterrorism, “in that order,” Eisenstadt said. “In March 2018, the US government designated an Iranian entity, the Mabna Institute, and nine individuals associated with the institute, for operating a massive hacking and cyber-spying operation that targeted hundreds of universities and companies in dozens of countries to steal proprietary data and academic research, presumably to help Iran’s own research and development efforts, to circumvent sanctions, and to compensate for its economic isolation. These activities had been going on for years.”
Organizations across the Middle East in industries including finance, government, energy, chemicals, and telecommunications have been targeted. A 2018 report by the Carnegie Endowment for International Peace noted, “While Iran’s offensive cyber operations have required modest resources to develop, they have allowed Tehran to project itself as an emerging cyber power able to cause significant harm to its adversaries.”
The report continued, “As judged from the evidence of coordination between security agency actions and observed cyber operations, the campaigns of Iranian threat actors almost certainly have a direct relationship with government entities, specifically the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. Attempts to forecast the future of Iranian cyber operations are constrained by the secrecy on the part of the Iranian state about its activities and an uncertain geopolitical climate.”
Eisenstadt called Russia, China, North Korea, and Iran the the most formidable actors in cyberspace. “Iran’s activities in the cyber domain generally serve its broader foreign policy objectives. In some cases, the goal might be to advance Iran’s propaganda line. In others, it might be to steal intellectual property and propriety information, in order to circumvent sanctions and benefit its own research and development efforts,” he said.
Sharing information, preparing strategies, and educating people about good “cyber hygiene,” such as changing passwords, will help build resilience against cyberattacks.
Dr. Johannes Ullrich, Dean of Research at the SANS Institute, a US company that specializes in information security and cybersecurity training, said as Iran’s conflict with its neighbors grows, so has its presence on the dark web. “Iran is believed to maintain a significant effort to conduct offensive cyber operations against its adversaries,” he said. “It may not be among the most sophisticated, but it’s very aggressive in applying the skills it has. One technique that has been employed in the attacks is domain hijacking. For this attack, an administrator’s password is used to alter settings for an organization’s domain. The attack itself is pretty simple, and the hard part is to get the administrator’s password. It isn’t clear how the administrator password was obtained in these cases, but typically phishing attacks are used. Overall these attacks aren’t terribly sophisticated, but the impact can be huge.”
ClearSky, a Tel Aviv-based cyber tech security firm, recently issued a report that also links Iranian propagandists to fake news sites in 28 countries. In this manner, they spread misinformation about their targets, and advance Tehran’s ideological and geopolitical interests.
A US cybersecurity firm, FireEye, recently issued a warning about fake news sites and profiles on Facebook and Twitter that it believed were operated by Tehran as part of its cyber-influence campaign. Twitter discovered 1 million tweets generated by fake accounts. Facebook deleted 783 accounts tied to Iran that appeared to be engaging in a manipulation campaign against people in almost 30 countries.
While it is against company policy to attribute cyberattacks to a specific “nation-state actor,” Simone Vernacchia, cybersecurity and digital infrastructure advisory lead at PwC Middle East, said that the firm had noted an “increase in disruptive attacks, which may be sponsored by a nation-state.” According to Vernacchia, while here has been a big increase in investment in cybersecurity in past months, but many Middle Eastern countries’ defense systems remain less advanced than those in the West. “A stronger collaboration among privately owned critical infrastructure and government defense systems, as well as a strong and periodically tested set of organizational and technical interfaces, would strengthen the ability to respond to crises,” he said.
