Category: Iran

Cyberwar predictions for 2019: The stakes have been raised

Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure.

It’s therefore no surprise to find nation-state cyber activity high on the agendas of governments. In 2019, nation-state cyber activity is expected to increase to unprecedented levels.

Read more about the predictions for nation-state cyber activity in 2019 on ZDNet.

The Most Dangerous People on the Internet in 2018

This year thankfully avoided any world-breaking ransomware attacks like NotPetya. It even had some small victories, like GitHub beating back the biggest DDoS attack in history. Still, online threats are manifold, lurking and evolving, making the internet a more hostile place than ever.

The biggest threats online continued to mirror the biggest threats in the real world, with nation states fighting proxy battles and civilians bearing the brunt of the assault. In many cases, the most dangerous people online are also the most dangerous in the real world. The distinction has never mattered less.

Read the list of most dangerous people on the Internet for 2018 on Wired.

Shamoon 3 Attacks Targeted Several Sectors

New details have emerged about the recent Shamoon 3 attacks, including information on several malware samples, targets in additional sectors, and some links to threat groups believed to be operating out of Iran.

Several new samples of the notorious Shamoon malware emerged recently. While researchers initially could not say who had been targeted, an increasing number of targets have come to light in the past days following analysis by several cybersecurity firms. Alphabet-owned Chronicle discovered one sample that had been uploaded to its VirusTotal service from Italy on December 10.

Read more about the recent Shamoon 3 attacks on SecurityWeek.

Iran Hackers Hunt Nuke Workers, US Officials

As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.

The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials. Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees.

Read more about the recent Iranian hacking campaign on SecurityWeek.

Why Microsoft is fighting to stop a cyber world war

Two days last year finally woke the world up to the dangers of cyberwarfare, according to Microsoft’s President Brad Smith: 12 May and 26 June. On 12 May the WannaCry ransomware attack created havoc by encrypting PCs across the world and costing billions to repair the damage. Just over a month later on 16 June the NotPetya malware caused more damage, again costing billions to fix. Western governments have blamed WannaCry on North Korea, and NotPetya on Russia — it probably was designed as an attack on Ukraine which then got out of hand.

Smith draws a parallel between the run-up to the First World War and the burgeoning cyberwar arms race today. “I’m not here to say the next world war is imminent but I am here to say that there are lessons from a century ago we can learn and apply, that we need to apply, to our own future,” said Smith.

Read more about Microsoft’s efforts to stop a cyber world war on ZDNet.

Iran-Based Hackers Indicted in March Cyberattack on Atlanta

A U.S. grand jury indicted two Iranian nationals over claims they carried out a March ransomware attack against the city of Atlanta, crippling its computer systems and causing millions of dollars in losses. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri used ransomware known as SamSam to infect about 3,789 servers and workstations in Atlanta, the Justice Department said.

The two men, who operated from Iran, were also indicted last week by a federal grand jury in Newark, New Jersey, for a “34-month-long international computer hacking and extortion scheme,” according to the Justice Department.

Read more about the new charges against the Iranian hackers on Bloomberg.

2019 Security And Defence Predictions

It’s the time of the year for cybersecurity predictions. This time, Suzanne Spaulding, former DHS Under Secretary and Nozomi Networks advisor, provides her insights.

The things that have been holding back Russia, China, North Korea and Iran from a critical infrastructure attack on the U.S. could shift. When it comes to nation state threats on U.S. critical infrastructure, we think of four key actors: Russia, China, Iran and North Korea. Each country has been held back from attacking the U.S. for different reasons. Think about a graph with an x and y axis. The x axis represents capabilities and the y axis represents destructive intent. At the moment, Russia and China have the highest capabilities, but they fall lower on the scale of destructive intent.

Read more about Suzanne Spaulding’s predictions and learn why she believes hackers from Russia, China, North Korea or Iran may launch a critical infrastructure attack on the US in 2019, on Information Security Buzz.

Federal Indictments in SamSam Ransomware Campaign

Two men — Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran — have been indicted in a criminal conspiracy around the creation and distribution of the SamSam ransomware campaign. The indictment, unsealed today, was handed down by a federal grand jury in New Jersey.

According to the six-count indictment, Savandi and Mansouri hit more than 200 victims, mostly in the government, critical infrastructure, and healthcare sectors. The victims included the City of Atlanta; the City of Newark, N.J.; the Port of San Diego; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta; and six health care-related entities.

Read more about the indictments in the SamSam campaign on DarkReading.

Meaner, more violent Stuxnet variant reportedly hit Iran

Stuxnet allegedly has a vicious little brother, or perhaps it is a malicious cousin; the complex malware was described as similar to Stuxnet but “more violent, more advanced and more sophisticated.” Iran, according to the Times of Israel, admitted that its “infrastructure and strategic networks” were hit by a meaner, leaner version of Stuxnet. A TV news report added that the Iranians are “not admitting […] how much damage has been caused.”

The report came after Iranian Supreme Leader Ayatollah Khamenei said Iran needed to step up efforts to fight enemy “infiltration.” Reuters also reported that Gholamreza Jalali, the head of Iran’s civil defense agency, said, “Recently we discovered a new generation of Stuxnet which consisted of several parts … and was trying to enter our systems.” Jalali didn’t go into more detail.

Read more about this story on CSO.

Unconfirmed Reports: New Cyber Attacks Hitting Iran

This report highlights that everyone should be prepared when major geopolitical events occur. Attacks, actions and reactions in the physical world are known to result directly in actions in cyberspace. We should also point out that when big players like nations attack each other, companies and even individuals can at times get caught in the crossfire. It pays to keep thinking through how to raise your defenses.

From: TimesOfIsrael.com

Tehran strategic networks attacked, Hadashot TV says, hours after Israel revealed it tipped off Denmark about Iran murder plot, and days after Rouhani’s phone was found bugged

Iranian infrastructure and strategic networks have come under attack in the last few days by a computer virus similar to Stuxnet but “more violent, more advanced and more sophisticated,” and Israeli officials are refusing to discuss what role, if any, they may have had in the operation, an Israeli TV report said Wednesday.

The report came hours after Israel said its Mossad intelligence agency had thwarted an Iranian murder plot in Denmark, and two days after Iran acknowledged that President Hassan Rouhani’s mobile phone had been bugged. It also follows a string of Israeli intelligence coups against Iran, including the extraction from Tehran in January by the Mossad of the contents of a vast archive documenting Iran’s nuclear weapons program, and the detailing by Prime Minister Benjamin Netanyahu at the UN in September of other alleged Iranian nuclear and missile assets inside Iran, in Syria and in Lebanon.

Our recommendation: Raise your defenses; you don’t want to get caught in the crossfire on this one. Learn our latest best practices by reviewing the action plans on our Strategy Page.