Soleimani killing will likely result in reprisal cyberattacks by Iran

The U.S. drone strike that killed Iranian General Qasem Soleimani in Baghdad is expected to generate kinetic reprisal strikes from Iran, but cyber experts say cyberattacks are also likely.

Soleimani was the commander of Iran’s Quds Forces – named as a terrorist organization by the U.S. – and has been blamed for dozens of attacks in the Middle East along with more recent incidents including the killing of an American contractor in Iraq and a Dec. 31 attack on the American embassy in Iraq. The attack that killed Soleimani was sharply criticized by Iran’s Supreme Leader Ayatollah Ali Khamenei, who has vowed “harsh revenge,” according to a statement published to his official website.

Exactly how and when any retaliatory strikes will be conducted is being hotly debated, but Iran’s well-known cyber apparatus is likely to play a role, and companies, organizations and government bodies need to prepare.

“Iran poses a serious threat to the United States, both in physical and cyber operations. They have a known history of launching attacks on critical infrastructure, government and private sector businesses, and they have the resources to do so. Their Advanced Persistent Threat groups are highly skilled and very likely prepared to launch attacks,” said Charity Wright, security intelligence threat researcher at IntSights and a former cyber threat intelligence analyst with the U.S. Army and the National Security Agency.

Over the years a wide array of attacks have been attributed to Iranian and Iranian government-backed groups. In October, Tom Burt, Microsoft’s corporate vice president of customer security and trust, wrote that in a 30-day period between August and September, the Microsoft Threat Intelligence Center observed the Iranian group Phosphorus (aka Charming Kitten, Ajax Security Team and APT35) making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attacking 241 of those accounts.

Phosphorus has been targeted by U.S. law enforcement in the past, with Microsoft having received a court order in March 2019 to take over and pull down its domains. The organization was also blamed for targeting U.S. and Arab officials in response to U.S. sanctions placed on Iran.

“This can’t be ignored in the game of nations, and Iran’s response will most likely include a cyber response. In fact, Iran is an intelligent cyber opponent with an army of people testing our systems every minute of every day. It is the ultimate game of cat and mouse. But in this instance, the consequences could be lasting,” Sam Curry, CISO of Cybereason, told SC Media.

In some manner a cyberwar is already being fought between the U.S. and Iran. It is widely understood that America launched the Stuxnet attack that helped hinder Iran’s nuclear weapons program, and more recently in early summer 2019 the U.S. launched a secret cyberattack that took out an Iranian database used by Islamic Revolutionary Guards Corps to plan attacks against oil tankers in the Persian Gulf.

“The U.S. strike that killed Qasem Soleimani is likely to generate some significant response from the Iranians, and that response could very well come in the form of a major cyberattack. In this heightened threat environment, companies in key critical infrastructure industries should be working together to identify potential threats and defend one another by sharing critical cyber threat information at scale and speed, to create a collective defense capability,” said Jamil N. Jaffer, a vice president with IronNet Cybersecurity.

Jaffer is a former senior national security official in the Justice Department and the Bush White House.

Wright agreed, noting Iran will likely zero in on a variety of targets and use all of its highly-developed cyber weapons and operational groups.

“Each group will likely have their own tasks and purpose. Some of these activities include espionage, counterintelligence collection and destructive malware. They will likely target U.S. and Israeli military, government and critical infrastructure,” she said, adding that such attacks could be devastating if the target is ill-equipped with proper defense.

Attacking on the cyber front instead of using conventional military forces makes a great deal of sense for a nation like Iran, which has some regional military capabilities, but cannot truly project power like the United States.

“There is no doubt Iran will retaliate. However, they will be looking for a way to appear both powerful and credible militarily at this pivotal point, without appearing to be a regional bully that traditionally relies on two-bit terrorist actions because they lack a robust advanced military response capability that could challenge the U.S. head on. Showing off their offensive cyber capabilities, and the reach it provides them beyond the region, could very well be a part of their most likely course of action,” said Hank Thomas, CEO at Strategic Cyber Ventures.

Launching a cyber, as opposed to missile or air, counterattack also supplies Iran with the level of plausible deniability that can help shield that nation from international scrutiny and blame, said Richard Henderson, head of global threat intelligence at Lastline.

“The very nature of asymmetric warfare means that Iran has very little to lose by doing so: cyber warfare is now being treated as a force multiplier by smaller nations against much more powerful nations like the United States,” he said.

Some of the work previously done by the U.S. and other forces has already dented Iran’s cyber abilities.

“Recent disclosures about how Iranian cyber groups operate have left them scrambling to change tactics and cover past operations. This does give Iranian opposition an advantage,” Wright said.

Companies and governmental organizations that could find themselves in Iran’s cyber cross hairs should use this time to prepare.

“Now would be a great time to validate your business continuity and disaster recovery plans as well. Can you restore your systems and data if needed?  Wiper tabletop exercises help with extortion and ransomware planning as well. For most organizations, these controls should be sufficient.  For companies with Iranian threat actors in their threat model, like Industrial Control System operators, heightened security monitoring is essential,” Rick Holland, CISO, Vice President of Strategy at Digital Shadows, told SC Media.

Lastline’s Henderson added that it would behoove organizations to send out immediate alerts to all employees to be extra vigilant in the coming weeks and months: don’t open ANY attachments from any external source that you aren’t expecting to receive. If you get something from someone, call them on the phone directly and verify they actually did send you something. Don’t click on any links inside emails without triple checking they are actually going where they’re supposed to go.

Published at Mon, 06 Jan 2020 11:34:20 +0000

Pending Data Protection and Security Laws At-A-Glance: APAC

In our continuing quest to provide a global overview of cyber-related legislation and regulation we have focused on the latest laws protecting PII in the United States, Regulation through Global Data Protection and Security Laws, and APAC Data Protection and Security Laws. This is an overview of 3 soon-to-be-enacted regulations that will change the APAC data privacy legal landscape.

CHINA

On June 1, 2021, the National Standard of Information Security Technology – Guidelines on Personal Information Security Impact Assessment will go into effect. According to global law firm Dentons, “The Guidance aims to guide the assessment of the potential impacts on individuals’ rights and interests as well as the effectiveness of security protective measures adopted when carrying out personal information processing activities, which is similar to the data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (GDPR).”

Draft PIPL

On October 21, 2020, a draft PRC Personal Information Protection Law (Draft PIPL) was published for review. Similar in many ways to GDPR, the PIPL, if passed, will require:

  • Organizations outside China that fall within the PIPL’s scope to appoint representatives or establish entities within China responsible for the protection of personal information.
  • Personal Information Processors to perform and maintain a record of risk assessments where processing activity may have a significant impact on individuals, including international transfers of personal information, processing of sensitive personal information, automated decision-making, and disclosure of personal information to third parties.
  • The processing of personal information to be lawful. In other words, there must be a legal basis for processing data, such as consent.
  • Individuals to be informed that processing is happening, and to be able to restrict or object to the processing of their data and to obtain a copy of, update, or delete their information.

Furthermore, it outlines strict requirements for international transfers of personal information. In addition, penalties for noncompliance have yet to be finalized but are so far rather austere. Proposed sanctions include the suspension of business activities and revocation of business permits or licences, the “blacklisting” of companies and fines up to 5% of a company’s yearly earnings. 

JAPAN

On June 5, 2020, the Japanese legislature passed several amendments (“Amendment Act”) to the Act on Protection of Personal Information of Japan (“APPI”) created to expand protections for personal data and impose new obligations on all businesses that use personal data for business purposes, including non-profit organizations.

Slated to go into effect in the spring of 2022, the Amendment Act will, as one of its major changes, introduce new provisions expanding an individual’s rights to require the deletion or disclosure of personal information (‘PI’):

  • where there is a possibility of violating the data subject’s rights or legitimate interests
  • in the event of a breach of the APPI via transfer to a 3rd party
  • to include short-term data which is kept for 6 months or less; and
  • allowing the data subject to request the format of the disclosure of their data, including in a digital format.

INDIA

Inspired by GDPR, India’s Personal Data Protection Bill (PDP) was introduced to overhaul India’s current data protection regulations outlined in the Information Technology Act of 2000. As that act was mainly concerned with ensuring the legal recognition of e-commerce within India, it does not include specific legislation on data protection aside from establishing the right to compensation for improper disclosure of personal information.

According to the bill’s preamble, the goal of PDP is to “create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation through digital governance and inclusion.” Similar to GDPR, PDP establishes data privacy as a fundamental right and calls for the creation of an independent new regulatory authority, the Data Protection Authority (DPA), to carry out this law. 

In terms of how PDP and GDPR differ, you can find a comprehensive comparison of the two laws here. In summary though, the differences can be boiled down into 3 key areas:

  • India’s central government retains the power to exempt any government agency from the bill’s requirements for reasons such as national security.
  • The government now has the right to order firms to share any of the non-personal data they collect with the government.
  • Personal and sensitive data must be stored and processed in India. Though there are exceptions to these rules, PDP’s restrictive regulations pose a number of challenges for organizations looking to do business in India and are, therefore, one of the most hotly contested provisions in the bill. 

Though DLA Piper expects the law to go into effect in late 2021, other legal experts aren’t so sure. Ongoing backlash pertaining to a number of its more restrictive provisions has resulted in multiple revisions and delays. In addition to the issues surrounding data localization mentioned before, the bill “has also attracted criticism on various grounds such as the exceptions created for the state, the limited checks imposed on state surveillance, and regarding various deficiencies in the structures and processes of the proposed Data Protection Authority,” according to The Hindu.

Source: https://www.cshub.com/executive-decisions/articles/pending-data-protection-and-security-laws-at-a-glance-apac
