Start the new year by making good backups of your data. This is always good advice, but it holds new urgency given the increased tension between Iran and the United States. And "good" backups means backups that are current, easy to access, and easy to use for restoration. It might not hurt to take a few screen grabs of your online banking accounts, so you have paper records of your financial life. Also, add a heaping dose of skepticism to anything you read on social media—for that matter, any media—as disinformation campaigns will almost certainly arise.
That's the smartest strategy most of us can deploy in the face of a warning issued Saturday by the Department of Homeland Security about potential retribution from Iran that might take the form of cyberattacks.
The warning came as U.S. officials try to prepare the American public for attacks coming from Iran or Iran-supported proxies as retribution for the killing of Iranian military commander Qassem Soleimani.
"Iran maintains a robust cyber program and can execute cyber attacks against the United States," the warning says. "Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."
It's unclear that Iran has the capability to conduct a major attack on the U.S. power grid or other critical infrastructure. Still, it wouldn't hurt to prepare for potential electrical disruptions by having some extra cash on hand and a full tank of gas in the car.
Hackers either acting at the direction of Iran or on their own could take a number of other steps to inflict digital damage on U.S interests and U.S. citizens. Back in June, well before the current increased tensions between Iran and the U.S., the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a sharply-worded warning about Iranian hackers targeting U.S. industries and government agencies with so-called "wiper" attacks, intended to destroy digital assets.
"CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies," the agency wrote. "Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network."
The agency recommended consumers take extra steps to be alert to such attacks, and to report them to Homeland Security immediately at this site.
Saturday's warning was less specific, but more wide-ranging.
"Iran likely views terrorist activities as an option to deter or retaliate against its perceived adversaries. In many instances, Iran has targeted United States interests through its partners such as Hizballah," Homeland Security warned. "Homegrown Violent Extremists could capitalize on the heightened tensions to launch individual attacks."
There is a long history of cyberwarfare between the United States. Back in 2010, security firms first detected the existence of Stuxnet, a computer virus developed by U.S. and Israeli forces designed to remotely destroy Iranian nuclear capabilities. (The definitive history of Stuxnet, Countdown to Zero Day, was written by Kim Zetter, who calls the virus the world's first digital weapon.)
Last year, U.S. officials claimed that in 2018, a cyberattack destroyed digital resources that helped Iranians shipping traffic in the Persian Gulf. That attack came after Iran shot down a U.S. drone.
Iran has done its share of hacking, too, leading some to conclude that a U.S.-Iranian cyberwar has been ongoing for nearly a decade already.
In 2009, a group calling itself the "Iranian Cyber Army" defaced Twitter's homepage in response to the Green Revolution.
Then from 2011 to 2013, dozens of U.S. banks saw their websites crippled by denial of service attacks during an extended campaign—preventing consumers from paying online bills or checking their accounts—that the U.S. Justice Department eventually blamed on Iran. In an indictment accusing seven Iranian hackers for the attacks, federal prosecutors also said the group unsuccessfully attacked the Bowman Avenue Dam in Rye Brook, New York.
At the time, I reported extensively on the hacker group (for CNBC and for NBC Nightly News, in 'Why Your Bank Website Might Soon Go Down'), which called itself the al-Qassam Cyber Fighters. The most chilling part of that operation—which disrupted banks for months—was their seemingly unstoppable nature. The hacker group would often post targets online, days in advance of the attacks. Still, at the time, banks were unable to ward them off.
In 2014, hackers infiltrated Sands Casino computers, causing $40 million in damage. U.S. officials blamed that attack on Iran.
Iranian hackers are blamed for large attacks outside the U.S., also. Iran has been accused of being behind an attack on Saudi Arabian oil firm Aramco that wiped the data from more than 30,000 computers.
At high risk are state and local government agencies around the country, which have shown themselves very vulnerable to attack in the past year. Security firm Emisoft says it tracked 966 government agencies, educational establishments and healthcare providers that fell victim to ransomware attacks in 2019, suffering losses in excess of $7.5 billion. The firm says impacted organizations included:
• 113 state and municipal governments and agencies;
• 764 healthcare providers; and
• 89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected
All that should put computer users on high alert for suspicious emails, Facebook messages, and Tweets with links. Good cyber hygiene is always important. Today, it's more important than ever.
This article appeared originally here on BobSullivan.net.
