US-Iran Conflict: Increased Geopolitical Risk From Cyber Attacks Based Out of Iran
Jordan Young & Julian Benz ● February 28, 2020
The Ayatollah, Ali Khamenei, Directs State-lead Cyber Initiatives of Iran
After the United States assassinated Major general Qasem Soleimani on January 3, 2020, many looked to Ayatollah Ali Khamenei for a response as he is responsible for Iran’s foreign policy. Khamenei is Iran’s Supreme Leader and head of state, as well as head of the Islamic Revolutionary Guard Corps (IRGC), sworn to protect the Islamic Republic.
Soleimani reported directly to Khamenei as the head of the IRGC’s Quds Force, Iran’s special elite unit responsible for foreign operations. Additionally, the Ayatollah had a personal connection to the assassination because Soleimani was one of his most trusted advisors.
Iran Geopolitical Risk Analysis: How Will Iran Avenge Soleimani’s Death?
The assassination of Soleimani, revered by many Iranians as an expectational military officer, led major news outlets to question if a war would break out between the United States and Iran. Actions taken by Khamenei have led VerSprite’s Geopolitical Risk practice (GPR) to conclude that Iran seeks to retaliate through a limited response rather than escalate tensions which could spark international conflict between the United States and Iran.
The Top 3 Reasons Why the Ayatollah Does Not Want to Escalate Tensions with the United States:
1. Domestic Upheaval: Iranian Protesters Pressuring Islamic Government
The resurging demonstrations by progressive protesters are a clear indicator that large parts of Iran’s society demand reform and oppose escalating aggression with the West. Khamenei must walk a tightrope between appeasing radical fundamentalists who demand revenge for the assassination of Soleimani and appearing to modernize the Islamic republic.
The demonstrators continue to openly protest despite the brutal crackdowns by the regime to dissuade protesters, such as the regime’s intervention in protests related to surging gas prices on November 15, 2019, which resulted in 1,500 deaths. Protestors also gathered to call for Khamenei to step down after the regime attempted to cover-up the downing of flight PS752. The regime responded by shutting down internet connections on January 13, 2020.
2. Iranian Allies Offer Financial & Military Support
Iran cannot afford to break economic and strategic ties with Russia and China as both countries provide Iran financial and military support, especially as the United States reinstated sanctions on Iran.
Russia’s main interests are Iran’s vast natural resources and preventing America’s strategic access to the Caspian Sea. China seeks to secure shipping lanes through the Persian Gulf, as demonstrated by a joint naval drill that Chinese, Russian, and Iranian navies conducted in December 2019.
3. The Superior Military & Stronger Economy of the United States
Strategically, engaging in a physical confrontation with the United States is an unpromising endeavor for Khamenei. The United States possesses far superior military capabilities and a stronger economy.
Although the precision with which Iran guided its short-range missiles surprised military experts, Iran does not pose a critical threat to the United States and its regional allies. The fragile domestic situation and the regime’s reliance on its strategic international partnerships restricts the actions of the Ayatollah.
While Iran’s military presence in the Middle East should not be underestimated, neither China nor Russia have any interest in getting dragged into a potential confrontation with the United States. VerSprite believes in the unlikely event of the United States entering a war with Iran, any ensuing power vacuum in the region would also be exploited by ISIS, as done before in Iraq and Syria, a result Russia seeks to avoid.
Iran’s State-Sponsored Threat Actors Can Conduct Sophisticated Cyber Attacks
The Office of the Director of National Intelligence (ODNI) claims that Iran’s Revolutionary Guard Corps (IRGC), responsible for Iran’s offensive cyber capabilities, use increasingly sophisticated cyber attack methods. In December 2019, the National Cybersecurity Authority of Saudi Arabia attributed Iran to employing Dustman, a new data-wiping malware, against Bapco, Bahrain’s national oil company. Dustman can disrupt computer processes and overwrite data on targeted computers. Iran’s abilities to research and target energy companies in the Middle East, as well as develop new wiper malware, demonstrate Iran can conduct sophisticated cyber attacks.
Additionally, experts suspect Russia collaborated with Iran during the 2017 Triton attacks against a Saudi Arabian Chemical Company. This attack set a precedent for joint cyber-offensives. Iran’s willingness to collaborate with Russia, suggests Iran learns from Russia: a country known to manage cyber-forces who conduct highly sophisticated cyber attacks.
Cyber Espionage Campaigns Originating from Iran are Likely to Increase
Cyber espionage campaigns provide Iran strategic assets, especially in case of future conflict. Cyber espionage campaigns provide Iran’s Revolutionary Guard Corps information on the activities of American businesses and government agencies. Furthermore, espionage campaigns allow Iran to discover vulnerabilities which would be exploited during periods of heightened conflict between Iran and the United States.
Countries such as China, North Korea, and Russia frequently target American businesses without the United States retaliating through a physical counterstrike. Hence, cyberwarfare presents an opportunity for Iran to gain strategic assets without great financial costs.
The strength of the United States military will not deter cyber attacks from Iranian threat actors.
Funding a cyber division is cheaper than purchasing equipment and financing ground force deployment. Indeed, domestic counter-terrorist units already claim cyber-based espionage attempts conducted by Iran on businesses in the United States increased since the assassination.
VerSprite also reminds readers the United States Cyber Command focuses on protecting critical infrastructures. Protecting American-based businesses and other institutions from espionage-based cyber attacks is unrealistic due to the number of businesses located in the United States and the finite resources of Cyber Command. Businesses should therefore consider mitigating cyber-related risks their companies may face, due to rising tensions with Iran, as their own responsibility.
Should Your Organization Be Concerned About Cyberwarfare?
Who Should Consider Risks Posed by Threat Actors Based Out of Iran?
VerSprite expects Iran to target financial institutions located in the United States. In 2016,the Justice Department of the United States, indicted seven Iranian state affiliated threat actors for disrupting forty-six major financial institutions based in the United States from 2011 to 2013. Two strategic interests explain Iran’s motivations for targeting United States financial institutions; these two strategic interests are present in international relations:
Iran targeted United States financial institutions after the Stuxnet virus, allegedly developed by both the United States and Israel, hampered Iran’s nuclear development program.
From 2011 to 2013, international tensions between the United States and Iran flared, likely compelling Iran to use its cyberwarfare capabilities.
As Iran targeted financial institutions in response to the United States exploiting cyberwarfare capabilities against Iran and during an international conflict between the United States and Iran, the probability that operatives of Iran’s Revolutionary Guard Corps will target financial institutions is once again, is heightened. Financial institutions should note the losses ensued by the 46 financial institutions was not due to theft; Iranian based threat actors did not steal funds from the victims of these attacks.
Instead, Iranian state-affiliated threat actors hampered potential earnings of these financial institutions by disrupting the services they offered. Overall, VerSprite Geopolitical Risk practice concludes financial institutions face a moderate risk from threat actors with state ties to Iran. The probability they will target financial institutions is moderate and the attacks disrupted services.
Information Security Officers of Publicly Accessible Government Websites
Those who defaced the United States Federal Depository Library Program, Texas Department of Agriculture and a Veterans group in Alabama using cyber-based methods also claimed to have pro-Iranian sentiments. These small-scale attacks by hacktivists and cyber criminals may increase in frequency but will not increase in sophistication. Furthermore, these non-state-based threat actors usually target government agencies for political and religious motives, not financial.
Regional Oil and Gas Industries
Although the physical responses by both Iran and the United States appear to have concluded, allies and affiliates of the United States based in the Middle East should be aware of Iran’s capabilities to exploit either system or infrastructural vulnerabilities.
In the past, Iran exploited cyber-based weaknesses of oil and gas sector-related industries to artificially increase prices of crude oil and gas, which represents 82% of Iran’s exports. Business executives should know numerous cyber attacks on oil and gas sector-related industries are often difficult to definitively attribute to Iran. Iran desires to cause damage without facing either legal repercussions or reputational costs. Companies should therefore not expect to be able to establish cases in front of international courts of law with the hopes of either receiving justice or remediation for the damages ensued by Iranian-based cyber attacks.
Geopolitical Risk Consulting Expertise
VerSprite is a cybersecurity consulting firm which specializes in providing businesses risk management solutions. Practice areas of VerSprite include application technology solutions, development interface specializations, governance and compliance measures, and more. VerSprite’s Geopolitical Risk (GPR) practice focuses on mitigating cybersecurity risks foreshadowed by geopolitical occurrences. Organizations can learn about their threat environments by contacting VerSprite’s security experts.
Traditional services of GPR include conducting due diligence investigations, vetting vendors and partners, preparing for businesses for expansion, and assessing the effectiveness of cybersecurity plans or strategies. Learn more →
A Quick Guide to Geopolitical Risk [EBook]
Cybersecurity and geopolitics are inextricably linked. To holistically tackle threats to our information security, we must take a step back and examine their causal roots and drivers, which take place day after day on the international stage.