The Truth About Iranian Cybersecurity Threats
Given recent headlines, one might conclude that Iranian Cybersecurity threats were a new development. In fact, Iran has been a player in the international cyber game since 2002 with the formation of the Ashiyane hacking forum to repress dissidents. By 2007, government backed organizations had begun to develop sophisticated tools and engage in active campaigns.
As reported by the Carnegie Endowment for International Peace, Iran’s first major international act was to attack Twitter in December of 2009 to disturb the efforts of the Iranian Green Movement that was working against the reelection of Mahmoud Ahmadinejad. Two years later Iranian efforts resulted in one of the largest data breaches in internet history when a hack on DigiNotar gave the Iranian government access to Gmail users in Iran.
Cybersecurity Threats to Businesses
As Iran’s skills in cyber attacks developed, their focus has expanded to international businesses. In 2012 an alleged virus was launched against Saudi Arabia’s Aramco oil conglomerate. It also conducted denial-of-service attacks against U.S. banks. This trend in Iranian cybersecurity threats is continuing to grow.
The Iranian hacker group OilRig has focused primarily on private industry targets and managed to breach Las Vegas Sands in 2014. Another group, Iranian Dark Coders Team, has focused on cyber-vandalism by defacing industry sites with pro-Iranian propaganda.
Recent Iranian Cyberattacks Against Albania
Albania has accused the Iranian government for multiple cyberattacks that have disrupted Albanian government. These attacks included targeting the Total Information Management System that is used to track data of parties leaving and entering the nation. According to prime minister Edi Rama these same Iranian actors have been responsible for previous hacks against Albania.
The FBI and The Cybersecurity & Infrastructure Security Agency (CISA), in a joint cybersecurity advisory, confirmed these attacks against the government of Albania. These attacks were executed between July and September of 2022 by Iranian state sponsored cyber actors identified as HomeLand Justice. These attacks included the use of ransomware-style file encryption and disk wiping malware. Initial access was accomplished by exploiting an Internet-facing SharePoint.
The U.S. Department of Treasury has imposed economic sanctions against HomeLand Justice and Esmail Khatib who is linked to the Iranian Ministry of Intelligence and Security. These sanctions have been enacted in reaction to cyberattacks and various anti humanitarian crimes against the nation’s citizenry. Aside from the imposed sanctions, these actions place any possible nuclear deal with Iran in jeopardy.
Other Iranian Hacking Activities
Here in the United States, federal authorities have indicted three Iranian individuals for cyberattacks. These attacks used ransomware to target critical infrastructure targets including power companies. The campaigns were coordinated efforts of the Iranian Government and the Islamic Revolutionary Guard Corps.
Internationally Iran has been actively targeting both individuals and entities in both the public and private sectors. Such activities have been reported in Canada, Australia, and the United Kingdom. According to additional reports from Israel, the Israel Defense Forces (IDF) claim that cyberattacks against Israel have more than doubled in 2022.
Iranian cybersecurity threats are changing in that more state run organizations are being utilized. In the past Iran had largely depended on outsourced hackers. Now, as the country develops it talent resources more groups like HomeLand justice and APT42 are being identified as having directly under the Islamic Revolutionary Guard Corps.
International Threats
In truth, there are few innocent nation states in the cyber attack world. There has been an invisible and silent international state of war in the cyber world for decades. Those that pose the greatest threat to businesses in the United States include The Peoples Republic of China, Russia, and North Korea. These players actively seek on an ongoing basis to disrupt businesses and steal vital and sensitive information.
Cyberattacks initiated by nation states normally fall under four categories; disinformation and propaganda, espionage, terrorism, and sabotage. While these activities are often discovered and attributed to countries, as of now, little public retribution is to be expected. We are in a world of war in the shadows where nefarious exploits can render very real and harmful effects.
The Larger Cybercrime Situation
International trends in cybercrime show an increasing sophistication by both organized crime and hostile nation states. These cybercriminals are continuing their efforts against high-value targets that include the industrial, IT, and infrastructure sectors. This activity is occurring at a time when many organizations are struggling to develop integrated cybersecurity solutions.
Many industrial sectors have been reluctant to adopt systematic approaches to cyber hygiene. Effective cybersecurity for organizations must include an Information Security Management System (ISMS). An ISMS is a collection of policies, procedures, controls, and incident responses that systematically address information security in an organization. It is a framework based on risk assessment and risk management.
This has been the case with numerous businesses in the United States contracting with the Department of Defense (DoD). In 2020, the interim ruling, DFARS 252.204-7012, placed cybersecurity requirements on Department of Defense (DoD) supply chain contractors vendors to complete security compliance with NIST SP 800-171 DoD assessment methodology.
Cybercriminals control a vast underground economy worth trillions of dollars a year. Hacking enterprises offer their services for hire and sell their stolen private and proprietary data online. These players specialize in specific methods to meet their clients needs. Beyond the hackers, dealers of stolen data create wealth to fund other activities including human trafficking.
CVG Strategy ISMS Solutions
Businesses worldwide are under attack from players that are well funded and very focused on compromising proprietary data. CVG Strategy can help you attain an ISO 27001 certification. This can help you demonstrate a commitment to data security through an internationally recognized process. IT solutions alone are not sufficient to combat these forces.
Viable solutions include all stakeholders in an enterprise. They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.
CVG Strategy provides cybersecurity consulting and training for large and small organizations. Our experts can tailor a program using risk management process to identify information assets and interested parties. We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.
CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.