The Department of Homeland Security sent out a
warning about potential attacks from Iran following the United States’ bombing
of three nuclear facilities. While the
warning said most of the on-the-ground retaliation would focus on the Middle
East, the department also said in increase in cyberattacks is possible.
So the question is:
How much should you worry about cyberattacks? The answer, one expert says, may depend on
who you work for. And whether the
fighting is on hold for now, really doesn’t matter.
“Cease fire, no, cease fire. Cyber activity will never cease,”
says Art Ehuan, the Executive Director for Duke’s Cybersecurity Master’s
Program.
Live threat maps from several cybersecurity firms show the
United States is one of the most targeted countries in the world. We’re also a leader in originating attacks,
but one main difference, a lot of the countries at the top of the attacker list
have state-run programs.
Ehuan considers Iranian government groups to be a second
tier threat actor in the cyber domain, behind first tier actors in Russia,
China and North Korea.
“The Iranians are more, they get access, and they start
conducting activity, malicious activity. They’re not looking at the long-term
positions that say the Chinese threat actor groups would use,” says Ehuan.
He believes Iranian groups would target based on an
objective, rather than a blanket threat to ordinary people, saying “With
the Iranian groups, when they are targeting individuals, it’s for a specific
reason, right? This individual works in government. This individual has access
to critical infrastructure systems.”
A spreadsheet of cyberattacks conducted by the Iranian
government going back 20 years shows political and government organizations,
broadcasters, and defense industry firms are some of the top targets.
That means employees who work in those sectors need to keep
their guards up for phishing schemes via email or even smishing schemes
involving fake texts. The goal is to simply find a way into a system to gather information.
Ehuan adds is always possible the general population could
be targeted, especially with information previously stolen that sits on the
dark web. However, he says those attacks would likely be initiated by Iranian
or Islamic sympathizers who are part of existing hacking organizations.
One simple way to help protect your information is to enable
two-factor authentication, especially on websites or apps that may hold
critical or important information. That way, even if a password is stolen,
hackers can’t gain access if you use something like facial-recognition to gain
access.
