The latest round of Iran sanctions, announced by Trump earlier this week, is likely to result in retaliatory cyberattacks on US businesses, a cybersecurity expert has warned.
When the US announced in May that it would withdraw from the Joint Comprehensive Plan of Action (JCPOA), better known as the Iran Nuclear Deal, Priscilla Moriuchi, director of strategic threat development at Recorded Future, warned that this would result in cyberattacks on US businesses.
“We assess that within months, if not sooner, American companies in the financial, critical infrastructure, oil, and energy sectors will likely face aggressive and destructive cyberattacks by Iranian state-sponsored actors,” Moriuchi said at the time.
While there have not yet been any notable attacks in response to the Iran Nuclear Deal’s abandonment, she believes that the current Iran sanctions being enacted by Trump will likely accelerate cyberattacks currently being developed.
“As we assessed several months ago, the U.S. withdrawal from the JCPOA would provoke an Iranian government response in the form of a cyber operation within two to four months. The re-imposition of US sanctions will likely add fuel to the ongoing preparations,” she said.
Iran’s cyberattacks on US businesses and infrastructure
Iran has a history of cyberattacks on US businesses and infrastructure.
In May of this year, the US charged and sanctioned nine Iranian citizens and an Iranian company for a widespread, large-scale cyber campaign targeting universities, businesses and parts of the US government from 2013 onwards. The group were said to have been acting on behalf of the Iranian government.
The country is believed to have sophisticated cyber capabilities, using attacks as a retaliatory tool rather than to exert political influence or steal intellectual property, as Russia and China have respectively been accused of doing.
Cybersecurity chatter increasing as Iran sanctions bite
While it is not clear exactly what form an attack may take, cybersecurity experts have seen an increase in what is known as “chatter” relating to Iranian cyber activities, meaning there has been more traffic and communications around the subject of late.
“While we have no specific threats, we have seen an increase in chatter related to Iranian threat activity over the past several weeks,” said Moriuchi.
Recorded Future warns that the country could be gearing up to attack businesses operating in vital areas within the US.
“We anticipate that the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyberattacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy,” she said.
Also concerning, however, is that once these attacks have begun, Iran may not have full control over how they play out, potentially creating disastrous knock-on impacts for businesses.
“Based on previous research, we also assess that these cyber operations may be staffed with less trusted contractors which could result in a scenario where the Islamic Republic has difficulty controlling the scope and scale of the cyberattacks once they have begun.”