Now that tensions in the Middle East have risen, cybersecurity professionals around the world are on increased alert. Everyone acknowledges Iran has developed a significant arsenal of cybersecurity attacks and techniques. Less known is how much control over those attacks Iran might be able to retain once they are launched. There is a high probability that any cyberattack launched by Iran is likely to inflict a significant amount of collateral damage across a range of companies and organizations that were not the original intended target. In many cases, it’s not even clear Iran is exercising any real control over the actions of other actors that have expressed sympathy for Iran and its causes.
The FBI and Department of Homeland Security (DHS) have issued a bulletin to law enforcement groups warning of the potential for Iran to target the U.S. with both cyber and physical attacks. State and local government officials have been passing similar warnings along to the public. Texas Gov. Greg Abbott is warning citizens to be “particularly vigilant” regarding potential cyberterrorism from Iran.
Citing data made available by the Texas Department of Information Resources, Abbott said that as many as 10,000 attempted attacks per minute from Iran had been detected over a 48-hour period on state agency networks.
At the same time, U.S. Representatives Emanuel Cleaver, II (D-MO) and Gregory Meeks (D-NY) sent a letter to nine separate federal financial regulators calling for them to strengthen their cyberinfrastructure against possible attacks.
Officials in Saudi Arabia, meanwhile, disclosed they have discovered a new variant of data-wiping malware that cybersecurity analysts suspect originated with Iranian hackers.
It’s not clear to what degree those attacks might have been planned before the assassination of Iranian general Qasem Soleimani. However, the one thing that is for certain is Iran has a demonstrated capability to launch cyberwarfare attacks.
Of course, Iran is not the only country moving to weaponize malware. Savvy cybersecurity professionals have been taking note of a global trend where countries large and small are developing cyberwarfare capabilities. The problem this creates for cybersecurity professionals is an act of aggression on the other side of the physical world could trigger in response to a wave of cybersecurity attacks. The challenge is that cybersecurity fatigue becomes a real danger. Cybersecurity teams that are constantly on a high state of alert are not going to be as effective over time. Unless organizations can afford to hire additional cybersecurity professionals, many of them may soon find themselves forced to rely more on machine learning algorithms and other forms of artificial intelligence (AI) to be alerted to not just potential attacks, but also discover dormant malware that has already infected their systems.
Of course, not all forms of cyberwarfare will manifest themselves as a single event. Many nation-states have made it clear they are simply trying to sow the seeds of disruption if for no other reason than to aggravate a perceived rival. Whatever the motivation, cybersecurity professionals now need to pay a lot more attention to geopolitics. The challenge, of course, is to not exhaust limited cybersecurity personnel resources to the point where they’ve got nothing left to give once a real cybersecurity attack is finally underway.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.