The Department of Homeland Security sent out a warning about potential attacks from Iran following the United States’ bombing of three nuclear facilities. While the warning said most of the on-the-ground retaliation would focus on the Middle East, the department also said in increase in cyberattacks is possible.
So the question is: How much should you worry about cyberattacks? The answer, one expert says, may depend on who you work for. And whether the fighting is on hold for now, really doesn’t matter.
Other WRAL Top Stories
“Cease fire, no, cease fire. Cyber activity will never cease,” says Art Ehuan, the Executive Director for Duke’s Cybersecurity Master’s Program.
Live threat maps from several cybersecurity firms show the United States is one of the most targeted countries in the world. We’re also a leader in originating attacks, but one main difference, a lot of the countries at the top of the attacker list have state-run programs.
Ehuan considers Iranian government groups to be a second tier threat actor in the cyber domain, behind first tier actors in Russia, China and North Korea.
"The Iranians are more, they get access, and they start conducting activity, malicious activity. They're not looking at the long-term positions that say the Chinese threat actor groups would use,” says Ehuan.
He believes Iranian groups would target based on an objective, rather than a blanket threat to ordinary people, saying “With the Iranian groups, when they are targeting individuals, it's for a specific reason, right? This individual works in government. This individual has access to critical infrastructure systems."
A spreadsheet of cyberattacks conducted by the Iranian government going back 20 years shows political and government organizations, broadcasters, and defense industry firms are some of the top targets.
That means employees who work in those sectors need to keep their guards up for phishing schemes via email or even smishing schemes involving fake texts. The goal is to simply find a way into a system to gather information.
Ehuan adds is always possible the general population could be targeted, especially with information previously stolen that sits on the dark web. However, he says those attacks would likely be initiated by Iranian or Islamic sympathizers who are part of existing hacking organizations.
One simple way to help protect your information is to enable two-factor authentication, especially on websites or apps that may hold critical or important information. That way, even if a password is stolen, hackers can’t gain access if you use something like facial-recognition to gain access.