The nation state threat posed by Iran and North Korea is very real. Both have evolved into formidable adversaries for both government and industry. When confronted with the knowledge that either of these country’s intelligence apparatus has their crosshairs ranged in on a country or company, there isn’t an infosec team that doesn’t belt themselves in for a bumpy ride.
Iran
Iran uses its cyber capabilities to support their foreign policy, circumvent sanctions, monitor dissidents and cause geopolitical rivals to invest heavily in defense of their critical infrastructure.
The number of entities that have been singed by the Iranians is sobering in its depth and reach. Saudi Arabia has identified Iran as the No. 1 regional threat. Saudi foreign minister Abel al-Jubeir was unambiguous at the Munich Security Conference when he stated, “Iran is the only country that has attacked us repeatedly and tried to attack us repeatedly. In fact, they tried to do it on a virtually weekly basis.” He noted the Saudis are taking steps to protect their data and train their “people in order to be able to engage in offensive operations.”
Iran successfully cyberattacked Aramco in 2012, which resulted in 30,000 computers being wiped and Aramco’s operations paralyzed. Along that same vein, in late-September 2017 FireEye issued an assessment pointing the finger at Iran for its active targeting of Western and Saudi aerospace and petrochemical firms. The FireEye assessment identified the Iranian group APT33 as having successfully engaged in economic espionage.
Need more evidence? Symantec identified Iranian cyber group “Chafer” as conducting cyberespionage operations against a plethora of countries’ infrastructures. Israel, Jordan, United Arab Emirates, Turkey and Saudi Arabia have all experienced the unwelcome touch and feel of the Iranian Chafer group. Symantec noted the group targeted “airlines, aircraft services, software and IT services companies serving the air and sea transport sectors, telecoms services, payroll services, engineering consultancies and document management software. Outside of the Middle East, Symantec has also found evidence of attacks against one African airline and attempts to compromise an international travel reservations firm.”
Then we have security firm CrowdStrike, which noted Iranian organizations were successfully engaging in cyberespionage against dissidents, NGO’s, think tanks and political activists. The number of companies fingering Iran for cyberespionage continues to grow.
We’re not done yet. The folks over at Siemens Energy issued a report indicating that 60 percent of companies see their operational technology at risk within the Middle East’s oil and gas sector. “In 75 percent of cases those questioned had experienced at least one security compromise resulting in confidential information loss or operational disruption in the OT environment in the last 12 months.” While Siemens isn’t pointing the finger at Iran or any other specific entity, the attacks are consistent with that which is being seen by others in the cybersecurity realm.
Source » securityboulevard