Amid rising tensions between the United States and Iran after the former killed powerful Iranian Major General, Qassem Soleimani, in an airstrike in Baghdad last week, experts and U.S. officials believe that Iran will retaliate with cyberattacks.
Shortly after launching two-dozen missiles at two U.S. military bases in Iraq last week, Iran's foreign minister tweeted saying that it had "concluded" its "proportionate" response to the assassination of Soleimani. However, officials in the U.S. military believe Iran is not done yet and is likely to continue its attack on the West via cyberattacks against the U.S. government, stock markets, companies, high-profile individuals, and even possibly the 2020 elections.
Iran planning cyberattacks against the US?
"I don't think Iran is finished," Jon Bateman, a former Iran expert at the U.S. Defence Intelligence Agency told Newsweek. According to him it's likely that they will move forward with "follow-on actions that are more covert or more plausibly deniable. Cyber classically is one of the tools."
Even though Iran isn't considered one of the world's most formidable cyber threats and still lags behind Russia and China, the nation is still capable of causing a great deal of disruption. Iran-based cyber criminals have expanded their reach significantly since 2012, when they launched a series of distributed denial-of-service (DDoS) attacks against companies in the US.
Over the years, the cybersecurity arm of Iran's Islamic Revolutionary Guard Corps, as well as government-supported private sector contractors, have bolstered their arsenal with new tools and weapons.
This will allow attackers to hijack accounts and use phishing campaigns to steal confidential information, and include malware designed to disrupt operations, according to a National Cyber Awareness System alert issued by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier this month.
Iran to use Wiper Malware?
Iran has also "demonstrated a willingness" to use wiper malware, CISA pointed out in its alert. Wiper refers to a class of malware whose intention is to wipe the hard drive of the computer it infects and then destroy the machine's master boot record, making it impossible for the computer to boot up again.
Just like any other type of malware, Wiper also depends on a number of methods to infect devices initially, and once it gains access, it can steal information or execute unauthorized code. The malware is extremely dangerous because it isn't concerned about being stealthy as its main objective is to render the machine useless.
"Don't expect DDoS this time, [Iran] won't view it as a proportionate response," says Hank Thomas, the CEO of cybersecurity venture capital firm Strategic Cyber Ventures. "The Iranians will want to respond with something violent in the physical domain, and destructive in the cyber domain."
In 2012, the destructive data-wiping malware was used in the Shamoon attack, in which tens of thousands of computers belonging to Saudi oil giant Aramco were destroyed. The malware attack is believed to have originated from Iran.
Just last week, the Saudi National Cybersecurity Authority (NCSC) identified an attack using the Dustman wiper malware against Bapco, Bahrain's national oil company, as noted by ZDNet. While Saudi officials did not name Iran as the culprit, analysts familiar with the attack told CyberScoop that the attack shared technical similarities to previous hacking that have originated from Iran.