The FBI this week released a cyber alert warning that Iranian hackers could be planning cyberattacks against American businesses and government networks following the Trump Administration’s withdrawal from the Iran nuclear deal.
The alert referenced previous Iranian cyberattacks that were carried out against U.S. targets during the last seven years that were launched under similar circumstances, the Washington Free Beacon reported.
“The FBI assesses foreign cyber actors operating in the Islamic Republic of Iran could potentially use a range of computer network operations — from scanning networks for potential vulnerabilities to data deletion attacks — against U.S.-based networks in response to the U.S. government’s withdrawal from the Joint Comprehensive Plan of Action (JCPOA),” the cyber alert read.
The alert made note of previous retaliation attempts carried out by hackers due to “perceived slights against the regime,” including DDOS, or denial of service attacks, on U.S. financial institutions in December 2011 and August 2013. The attacks were a direct response to newly implemented economic sanctions.
In 2014, Iranian hackers also attacked the networks of the Sands Casino in Las Vegas following anti-Iranian government comments made by casino mogul Sheldon Adelson.
“From 2016 to 2017, malicious Iranian cyber actors also conducted coordinated and broadly targeted intrusion campaigns against U.S. companies, academic institutions and government entities,” the FBI said. “The FBI encourages U.S. companies to report suspicious network activities to local FBI offices or FBI CyWatch.”
The FBI document outlined the various methods of attack Iranian hackers have been known to use, hoping that institutions that might be a target can be adequately prepared.
Some of the methods include fraudulent phishing emails, password “spray” attacks, data deletion and DDOS attacks.
The FBI recommends educating personnel on the attackers’ methods and implementing the proper tools that might combat the threat.
Network administrators are also urged to create a dedicated IT email account to report suspicious emails and activities.
The continued fear of a cyberattack from Iran has escalated the nation “from a low-level cyber threat to a capable adversary,” according to a 2015 State Department-led council, and Iran’s cyber capabilities have been a serious concern for U.S. intelligence agencies since at least 2012.
“NSA experts say Iran will continue this series of attacks, which it views as successful, while striving for increased effectiveness by adapting its tactics and techniques to circumvent victim mitigation attempts,” a 2013 NSA document stated. “[Signals intelligence] indicates these attacks are in retaliation to Western activities against Iran’s nuclear sector and that senior officials of the Iranian government are aware of these attacks.”