Posted on January 4, 2020 at 12:07 PM

Security experts say Iran’s Retaliatory Attack could Include CyberAttacks on U.S Businesses

In retaliation of the United States Airstrike that killed a senior Iranian military commander, Qassem Soleimani, Iran could use cyberattacks on U.S. organizations. According to cybersecurity experts, the Iranian authority could be planning on a cyber attack on U.S. organizations as part of the government’s response to the killing of their citizen.

Qassem was part of the Iranian Revolutionary Guard, as he had been the leader of the Quds Force. He was known in Iran as a national hero, and one of the most revered military commanders in the country.

However, President Donald Trump, on Friday, ordered an airstrike at the Baghdad International Airport to kill him. According to U.S authorities, Qassem was planning to attack the United State’s interest in the Middle East.

Following Qassem’ death, the internal conflict between Iran and the United States has a reason beyond measure. Iran has repeatedly vowed to avenge his death. Security experts are warning that the retaliatory action of Iran could come in various forms, including using militia groups, through allied rebels, disruption of oil supply in the Middle East, as well as cyber-attacks.

Cybersecurity firms have been monitoring activities

After the death of Qassem Soleimani, many cybersecurity firms have been monitoring the case closely, looking out for loopholes where the Iranian cyber attackers could explore. They have been closely monitoring activities of attacks linked to Iranians, to help detect and mitigate the threats on time.

The Department of Justice said that Iran might target universities with huge projects like nuclear research, chemical defence, and industrial research for the government. Industry professionals are also offering expert advice and tips on the protection of their cyberspace. They have informed organizations and give them insights on the best way to keep their systems protected and immune to the imminent cyber attack.

Anti-threat coordination centre established

Intelligence Analysis director at FireEye, JohnHultquist, said that the gravity of the case between the U.S. and Iran had left them no option than to expect a retaliatory attack. However, he warned that there is a huge possibility that these retaliatory attacks will include cyber attacks. In response to the perceived threat, FireEye has set up a Community Protection event to help coordinate a counter-threat for the imminent attack.

According to him, there would be serious of espionage on majorly government systems, as the Iranian attackers prepare for what it perceives to a pound of flesh against the U.S. He also said the business community is anticipating destructive and disruptive cyberattacks against the private sector as well. 

Attackers targeting both private and government organizations

Before the JCPOA, Iranians have been known to carry series of attacks against some government and private agencies in the U.S. However after the agreement, the country has limited its attacks within the Middle East, despite the sour relationship between both countries.

But it seems the recent killing of Qassem Soleimani has tasted its patience enough. According to security experts, the country can launch attacks through various forms on both the U.S. government and its private sphere.

In the past years, Iran has used wiper malware to infiltrate systems and cause disruption. Senior manager of FireEye’s Information Operations Department said Iran has fully utilized online information operations to offer support for geographical objectives.

According to him, the country has refined a wide range of sophisticated methods and tactics on a cyber threat it is likely going to leverage at this time. He warns that organizations (both governmental and private) should be very careful and watchful on their systems, to help wade off the perceived onslaught of the cyberspace by Iranian attackers.

Multiple attack scenarios expected

Strategic Threat Development director at Record Future, Priscilla Moiriuchi, hinted that the deaths of Huhandis and Qassem will most definitely have consequences in multiple scenarios. The scenarios may not be limited to military attacks against the U.S. government.

According to her, the retaliatory measures could include targeted assassinations, bombings, cyber operations, and short-range ballistic missiles. She said Iran has formidable cyber operational forces, which is why all U.S. organizations should take the necessary precautions to protect their system.

The recent example of Russian state-sponsored cyber syndicate that hijacked and utilized Iranian infrastructure could cause some confusion regarding the identity of the main attacker. It will also lead to confusion and increased uncertainty on the part of the victims.

The confusion is based on the fact that it’s not really known whether the Russians or Iranians are responsible for the attack. If it’s clearly known, it will be easier to position counter-threats in place for such attacks, she said.