
The World's Worst Hackers Have Flags

Sep 27, 2022

In several recent posts, I’ve been exploring how federal governments in the UK and Australia have funded national cybersecurity efforts. Cyber defense as a matter of national security is a fascinating and frankly quite frightening subject, so I wanted to take a closer look at how global powers are protecting themselves. In this post, I want to examine why countries are suddenly investing so much in cybersecurity: because of countries like Iran.


Setting aside all ideological and geopolitical differences, Iran (along with countries like Russia and North Korea) has established itself as a malicious actor on the world’s cybersecurity scene. They’re the “bad guys” for all intents and purposes. Multiple groups with Iranian government backing have carried out attacks targeted at foreign infrastructure with the goal of disrupting public life and cultivating instability that Iran can use to its political advantage. Countries like Iran that not only allow but sponsor cyber attacks against foreign governments are exactly why the UK, Australia, and others are suddenly stressing cybersecurity like never before.


In response to the growing threat posed by Iran, the Cybersecurity & Infrastructure Security Agency (CISA) recently issued an alert to educate potential targets about what to be on guard for. That alert has some vital information about what Iran is doing, who’s at risk, and how to shore up defenses – it’s recommended reading for anyone involved with critical infrastructure. For everyone else, it’s a sobering look at why we need to keep investing (aggressively) in national cybersecurity – and what could happen if we don’t.


A Closer Look at Iran


The newest CISA alert comes shortly after a previous alert warning of Iranian cyber actors exploiting known vulnerabilities in Fortinet and Microsoft Exchange to carry out malicious activity such as ransomware deployment. Now, they’re exploiting the Log4j vulnerability in VMware Horizon as well.


This tactic of exploiting known vulnerabilities comes as no surprise (stick with what works) but nonetheless deserves highlighting. Iranian groups may have government support. But when their targets have so many vulnerabilities that are not just known but also widespread and unaddressed, it doesn’t take much to pull off an attack. This just shows us (once again) how cybersecurity needs to catch up to the threats it faces. Governments pouring billions into cybersecurity won’t make much difference if the targets are this easy.


Speaking of targets, Iranian hackers have not been selective about the kind of organization they attack; they primarily pick targets with weak security. In just the US they launched a ransomware attack against a police department; they encrypted the files of a large transportation company; they hijacked the computers of a municipal government for crypto mining; and they exfiltrated data from an aerospace company. As this list shows, both public and private entities can be targets, and financial gain is not necessarily the driving motivation. On the contrary, carrying out the most attacks and dealing the largest damage seems to be the motivation. To put it differently, Iran isn’t sponsoring these attacks to make money – they’re doing it to make a statement: “we can strike at anyone.”


Where Do We Go From Here?


Iran may be targeting low-hanging fruit right now, but make no mistake: the hackers behind these attacks have whatever resources they need in terms of talent, tools, time, and money. They're wanting for nothing, and they have the means to attack (probably successfully) almost any target on earth. Don’t believe me? Just look at what the Russians pulled off with SolarWinds. Iran could do something similar – it just hasn’t happened yet.


Defense is an arms race – whoever spends the most tends to be the strongest. I think what we're seeing right now – with countries spending more on cyber offense and defense – is simply the application of that principle to national cybersecurity. Countries like Iran and Russia are spending more on cyber attacks, so countries like the UK and Australia are spending more on defenses. This is just the start of a trend that will grow (a lot) as international relations increasingly intersect with the digital realm. Soon, cyber won’t be an emerging defensive line item – it will be the primary sword and shield that countries hold in their hands.


That means we should expect increases in attacks from countries like Iran, and increases in cybersecurity spending from the rest of the world. This is the new normal. My take: the sooner we adapt, the better.


#Cybersecurity #Iran #Ransomware #CISA #UK #Australia #Log4J


Written by

Paul Lighter
