Americans should be on heightened alert for cyberattacks after Iran fired more than a dozen missiles at two military bases in Iraq where U.S. troops are stationed late Tuesday, security researchers say.
Iran could target private businesses and government infrastructure to avenge last week’s killing of its top military commander as tensions between Tehran and Washington reach one of their highest points since the 1979 Iranian revolution.
“I am not predicting it will happen, but if it happens, I won’t be surprised,” said Steven Bellovin, a computer science professor at Columbia University School of Engineering.
A cyber conflict has been silently raging for years. In retaliation for the U.S. drone strike that killed Iranian commander Qasem Soleimani in Baghdad last week, Iran could target the power and electricity you use, the smart devices you carry or your bank account, security experts say.
Even if no attack occurs in coming weeks, “the danger zone will extend for years,” Bellovin warned.
The targeting of U.S. troops in Iraq reverberated late Tuesday, sending U.S. stock futures sharply lower and causing oil prices to surge briefly.
For nearly a decade, Iran has been building up its cyber arsenal and is now considered among the major nation-state threats to the security of the U.S.
“The Iranian regime has demonstrated greater appetite towards destructive or disruptive cyber-attacks in peacetime than any other nation,” say Ed Parsons and George Michael, who research cyber threats to the private sector.
Secretary of State Mike Pompeo acknowledged last week that Iran could unleash cyberattacks.
“The Iranians have a deep and complex cyber capability, to be sure,” Pompeo said on Fox News. “Know that we have certainly considered that risk.”
On Saturday, the Department of Homeland Security warned Americans that Iran is capable of launching cyberattacks with “temporary disruptive effects” against critical U.S. infrastructure, though it had “no information indicating a specific, credible threat to the Homeland.”
The National Terrorism System advisory recommended that Americans take precautions by backing up data and using two-factor authentication for sensitive accounts.
Acting Homeland Security Secretary Chad Wolf tweeted that the bulletin was intended to “inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise.”
On Sunday, a federal website went offline after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.
The images appeared on the Federal Depository Library Program program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.
“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”
The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.
CrowdStrike, a cybersecurity firm that warned of increasing cyberattacks by Iran earlier this year, said Monday that industries such as oil and gas and electricity could be targets.
“CrowdStrike Intelligence believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests,” the company said. “Our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”
CrowdStrike said it was monitoring for denial of service and ransomware attacks, tools frequently deployed by Iranian hackers.
Iran intensified its cyber warfare capabilities after the Stuxnet computer worm, a program believed to have been run by the United States and Israel, was uncovered in 2010. The worm destroyed nuclear centrifuges at the Natanz uranium enrichment plant.
“Stuxnet caused Iran to really wake up: ‘Hey this cyber stuff is really powerful. We can do this, too.’ And unlike nuclear weapons, it doesn’t take a huge industrial infrastructure,” Bellovin said.
“Iran’s abilities have gotten noticeably stronger over the last 10 years,” with hackers targeting major U.S. financial institutions, universities and companies, he said.
Bellovin warns that it could take years for Iran to launch a cyberattack. American companies should shore up their defenses accordingly, he said.
“I worry about companies letting down their guard,” Bellovin said. “If people get an alert and then after three weeks revert to business as usual, two years from now they may find themselves hit badly.”
___
© 2020 USA Today
Distributed by Tribune Content Agency, LLC.