There are to be some serious cybercrime implications following on from Trump’s scandalous announcement that the US would not renew the waivers on sanctions against Iran.
That’s according to a report from Recorded Future that was published today that analysed the Iran cyberthreat.
Recorded Future director of strategic threat development Priscilla Moriuchi says President Trump’s actions have placed American businesses at increased risk for retaliatory and destructive cyberattacks by the Islamic Republic.
“We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyber attacks by Iranian state-sponsored actors,” says Moriuchi.
“Further, our research indicates that because of the need for a quick response, the Islamic Republic may utilise contractors that are less politically and ideologically reliable (and trusted) and as a result, could be more difficult to control. It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed."
The report states that since at least 2009 the Islamic Republic has regularly responded to sanctions or perceived provocations by conducting offensive cyber campaigns.
According to Recorded Future, the Islamic Republic has traditionally preferred to use proxies or front organisations both in physical conflict and cyberattacks to achieve their policy goals.
Iran faces the prospect of negative economic impact as instead of renewing the waivers on sanctions against the nation, the US will impose additional economic penalties, the combinations of which amounts to a de facto US withdrawal from the 2015 Joint Comprehensive Plan of Action (JCPOA) that is commonly referred to as the ‘Iran nuclear deal’.
“We assess, based on Iran’s previous reactions to economic pressure, that with President Trump’s exit from the JCPOA, Iran is likely to respond by launching cyberattacks on Western businesses within months, if not faster,” the report states.
“Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyberattacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy.”
Some of the key judgements from the report include:
- Due to needing to act quickly, Iranian cyber response will be staffed and executed by capable, but less trusted contractors, resulting in the Islamic Republic possibly having difficulty controlling the scope and scale of the destructive cyberattacks once they have begun.
- The Islamic Republic operates with embedded paranoia, where ultimately, no one can be trusted.
- Iranian cyber operations are administered via a tiered approach, where an ideologically and politically trusted group of middle managers translate intelligence priorities into segmented cyber tasks which are then bid out to multiple contractors.
- Based on Recorded Future’s source’s conversations with other hackers in Iran, there are over 50 estimated contractors vying for Iranian government-sponsored offensive cyber projects.
- According to Insikt Group’s source, to find and retain the best offensive cyber talent, Iranian government contractors are forced to mine closed-trust communities.