No Iranian cyber attack on the US? ‘It’s not that simple,’ security expert tells GlobalData
January 2020 by GlobalData
The spectre of an Iranian cyberattack loomed large following the assassination of Iran’s general, Qasem Soleimani, but it has so far – publicly, at least – gone unrealised.
GlobalData’s technology deputy editor Rob Scammell assesses the situation. Scammell says: “Tensions between Iran and the US have simmered after Tehran admitted it mistakenly shot down a Ukrainian passenger jet, killing all 176 people onboard.
“While the rhetoric on both sides has been dialled down, cybersecurity experts warn that any Iranian cyber-response would likely come in the coming weeks and months – not imminently.
“This is in part because Iran, in all likelihood, does not currently have the access to US computer systems that it needs to launch what it deems a commensurate response.
“When carrying out a cyberattack, hackers often use a process known as ‘lateral movement’ to move around the target’s network, searching for the key data and assets before striking.”
Dave Weinstein, chief security officer for cybersecurity firm Claroty and formerly of US Cyber Command, tells GlobalData: “Given the fact that we didn’t see anything in the immediate aftermath that was cyber-related, tells me that they probably didn’t have the assets that they needed to be able to pull off a proportionate response. So what we’ll see I think in the coming weeks and in the coming months is just more and more operations geared at gaining that access.”
In the immediate aftermath of the deadly airstrike against Soleimani on 3 January, hackers claiming to be “Iran cyber security group hackers” defaced a minor US government website with a picture of a bloodied President Donald Trump.
Malcolm Taylor, director of cybersecurity at ITC Secure and formerly of GCHQ, tells GlobalData: “We did not see much more than that, but of course it isn’t that simple. For example, it could be argued that a very strong Iranian cyber response may well have gone unnoticed – and could be in the form of laying down capability for later in case of increased tension with the US.”
This access to US networks, he tells GlobalData, would form a “contingency” that could be kept quiet until needed by Iran. “Intelligence agencies love back pocket material like this,” he concludes.