Since my previous post on the matter dated November 2nd, 2017, Iran keeps on waging its cyberwarfare against its neighbors and (sadly enough) also its citizens. Their continuous cyberwarfare efforts translate into an increasing number of attacks launched by hackers backed by the Iranian regime and its proxies have shown a mix of sophisticated as well as very simple attacks.
Countries such as Israel and Saudi Arabia are bombarded endlessly by Iran’s cyber army and its devious allies, focusing on critical infrastructure and key personnel in the military and government, as well as scientists and financial institutions. These attacks test the cybersecurity defense solutions of the targets and keep their cybersecurity staff on high alert.
As mentioned above, Iran is also using cyberwarfare on its own citizens. Reports by numerous sources are saying that Iran’s Revolutionary Guard Corps (IRGC) has allegedly created apps that are downloaded by or unwittingly installed onto Iranian civilians’ phones and then used as tools to spy on them. That has helped the IRGC to cripple the civilian protests and take control of the latest uprising, which took place at over a hundred locations around Iran over a month ago.
For more than a decade, Iran has been investing in its cyberwarfare. It started by hiring foreign specialists and went on to learn and acquire the “necessary” capabilities on its own. Iran is probably not going to stop using third-party cyber weapons but is also focusing on creating its own arsenal by stealing or replicating ones that are already out there. Iran’s ambition will not stop at targeting its regional opponents and its own dissidents, but will also target many other countries along with their civilians that are deemed hostile towards Iran.
We need to start thinking like our adversary by analyzing the posed risk. We also need to figure out where the attack could come from and in which form. Based on this intelligence, we can build a robust and strong security framework comprised of security solutions, expert personnel, training, and awareness which must be tested periodically.
Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of the Cymulate Exposure Management and Security Validation platform.
Don’t speculate, Cymulate