
The long-anticipated war between Iran and Israel is intensifying, and cybersecurity officials warn that US critical infrastructure could become a target of Iranian cyberattacks. Until now, cyberattacks have been confined to the Middle East, but analysts are keeping a close eye on any operational expansion.
Radware Security Solutions’ researchers identified a spike in chatter from pro-Iranian hacktivist groups on Telegram and other platforms, alleging that threats have already been directed at Saudi Arabia and Jordan. The researchers claim the Iranian hacking group is threatening digital retaliation if both kingdoms decide to side with Israel.
In Israel, cyber groups have claimed responsibility for disrupting Iran’s national radio broadcasting channel, and the Israeli hacking group Predatory Sparrow has claimed responsibility for an attack on an Iranian bank. The group revealed that it gained access to the bank’s data and has allegedly erased it.
“Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” said Chief Analyst at Google’s Threat Intelligence Group, John Hultquist.
“Targets in the United States could be reprioritized for action by Iran’s cyber threat capability,” Hultquist added.
The threat of state-sponsored cyberattacks is raising alarms across US critical sectors, especially in the wake of past incidents in which Iranian-aligned cyber actors targeted US infrastructure, including the water sector.
Washington Responds to Cyberattacks on Critical Infrastructure
The US government is stepping up its response to cyberattacks on critical infrastructure. The US State Department announced a $10 million reward for information leading to the identification of members of the Iranian-linked hacker group known as CyberAv3ngers. The group was accused of deploying the malware IOCONTROL to attack industrial control systems in the US and Israel.
“These individuals are associated with Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command,” said the State Department in a public alert. The malware, they added, has been used to compromise critical systems by exploiting default credentials on programmable logic controllers (PLCs) and other internet-exposed devices.
Private sector leaders are also sounding the alarm about these cybersecurity threats to critical infrastructure.
In an advisory issued earlier this month, the FBI and Department of Homeland Security urged companies in sectors such as energy, food, and transportation to brace for potential ransomware, data theft, and destructive attacks by Iranian actors.
“These hacktivist groups will leverage a variety of tactics, including the exploitation of vulnerable systems, targeted spear-phishing, and data collection, and are known to carry out both disruptive and destructive attacks,” said Executive Director of the IT-ISAC, Scott Algeier.
“These actors are increasingly sophisticated and often overlap strategically with the goals of state-sponsored objectives,” Algeier warned.
Everyday Tech, Extraordinary Risk
The cyber threats to critical infrastructure aren’t just a matter of defense: US companies may unknowingly rely on technology tied to war zones, making everyday tools possible vectors for foreign cyberattacks. Many American infrastructure systems depend on globally sourced technology, some of it developed or manufactured in politically unstable regions, and that global reliance is enabling supply chain-based cyber intrusions.
A Google blog post revealed that some Iranian hackers had previously ended up protecting critical infrastructure from cyber threats and then leveraged knowledge of Israeli-made equipment to breach US water systems. Such cases show how global technology supply chains can be exploited to carry out remote sabotage.
CyberAv3ngers’ use of IOCONTROL is a case in point.
By attacking common industrial tools that are built outside the US and used across sectors, foreign hackers are bypassing traditional frontlines and embedding their attacks in seemingly benign systems.
“Iranian cyber activity in Israel is already persistent and aggressive and has been for several years. Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” Hultquist states.
As geopolitical tensions rise, so too do cyberattacks on critical infrastructure and the need for a national strategy that accounts for both direct cyber threats and the more insidious vulnerabilities buried deep in the hardware and software that power American life.