One of the firm promises of candidate Donald Trump was “to dismantle the disastrous deal with Iran.” As President Trump, he imposed additional sanctions on Iran following a recent ballistic missile test carried out by the Islamic Republic. That led to big demonstrations in Tehran and, according to at some cybersecurity experts, could lead to increased cyberattacks against U.S. firms.
In comments Thursday at the RSA Conference in San Francisco, an executive of cybersecurity firm CrowdStrike said that the United States and Iran have concocted “the perfect recipe” to heat up cyber espionage and other cyberattacks protesting U.S. policies on Iran.
Adam Meyers, vice-president of intelligence at CrowdStrike told DarkReading.com that Iran’s “hacking machine” is now busier than ever:
What’s new is the level of activity we’ve seen, with dozens of targets in Saudi Arabia over the past two months. One of the things we’re tracking is if things escalate between the US and Iran, then we expect attacks will be likely in the [U.S.] financial sector.
Iran has in the past been blamed for spreading the Shamoon malware that in 2012 wiped the hard drives of 25,000 Saudi Aramco computers. Iranian hackers were responsible for launching a wave of distributed denial of service (DDoS) attacks against U.S. banks that same year. Iran’s hackers have gotten more sophisticated since then, according to Meyers.
The X-Force Incident Response and Intelligence Services (IRIS) team at International Business Machines Corp. (NYSE: IBM) published a report on Wednesday related to the Shamoon malware attacks against thousands of computers in the Gulf states in the 12 months from November 2015 to November of 2016. Shamoon is designed to destroy computer hard drives by wiping the master boot record (MBR) and data irretrievably, unlike ransomware, which holds the data hostage for a fee.
Spear-phishing emails sent to a company’s employees also include a copy of a Microsoft Word document containing a malicious macro that can infect the user’s machine and could lead to access to other machines on the company network. Once the target pool inside a company is big enough, the attackers release the Shamoon virus, overwriting the drives and disabling the machines.
So far this year the Identity Theft Resource Center (ITRC) has not reported any breaches that have resulted in the loss of records or data at any U.S. financial institution. But there is probably no juicier commercial target, and that is reason enough for security experts to worry.