Americans should be on heightened alert for cyberattacks after Iran late Tuesday fired more than a dozen missiles at two military bases in Iraq where U.S. troops are stationed.
The FBI said Wednesday that the bureau is “aware of the continued possibility that retaliatory actions could be taken against the United States and its interests abroad.”
“While there is no specific or credible threat to the homeland at this time, we urge the public to be vigilant and report any suspicious activity to law enforcement,” the FBI said.
On Monday Homeland Security urged cybersecurity teams to “enhance monitoring of network and email traffic,” including for email phishing attempts.
Iran, which has been linked to cyberattacks against Saudi Arabia and the Sands Las Vegas casino owned by Sheldon Adelson, could target private businesses and government infrastructure to avenge last week’s killing of its top military commander, security researchers say. The threat comes as tensions between Tehran and Washington reach one of their highest points since the 1979 Iranian revolution.
In retaliation for the U.S. drone strike that killed Qasem Soleimani in Baghdad, Iran could go after the power and electricity you use, the smart devices you carry or your bank account, they say.
“As these escalations continue to play out and definitely in wake of Soleimani’s death, America needs to be prepared for retaliation,” said Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab. “Are we being attacked online? No, not that we can prove and not that is having an impact that is blatant or at scale or moving the needle on public conversation or crippling any infrastructure.”
A cyber conflict has been silently raging for years. Even if no attack from Iran occurs in coming weeks, “the danger zone will extend for years,” warned Steven Bellovin, a computer science professor at Columbia University School of Engineering.
For nearly a decade, Iran has been building up its cyber arsenal and is now considered among the major nation-state threats to the security of the U.S.
“The Iranian regime has demonstrated greater appetite towards destructive or disruptive cyber-attacks in peacetime than any other nation,” say Ed Parsons and George Michael, who research cyber threats to the private sector.
Secretary of State Mike Pompeo acknowledged last week that Iran could unleash cyberattacks.
“The Iranians have a deep and complex cyber capability, to be sure,” Pompeo said on Fox News. “Know that we have certainly considered that risk.”
On Saturday, the Department of Homeland Security warned Americans that Iran is capable of launching cyberattacks with “temporary disruptive effects” against critical U.S. infrastructure, though it had “no information indicating a specific, credible threat to the Homeland.”
The National Terrorism System advisory recommended that Americans take precautions by backing up data and using two-factor authentication for sensitive accounts.
Acting Homeland Security Secretary Chad Wolf tweeted that the bulletin was intended to “inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise.”
On Sunday, a federal website went offline after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.
The images appeared on the Federal Depository Library Program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.
“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”
The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.
CrowdStrike, a cybersecurity firm that warned of increasing cyberattacks by Iran earlier this year, said Monday that industries such as oil and gas and electricity could be targets.
“CrowdStrike Intelligence believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests,” the company said. “Our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”
CrowdStrike said it was monitoring for denial of service and ransomware attacks, tools frequently deployed by Iranian hackers.
Iran intensified its cyber warfare capabilities after the Stuxnet computer worm, a program believed to have been run by the United States and Israel, was uncovered. The worm destroyed nuclear centrifuges at the Natanz uranium enrichment plant.
“Stuxnet caused Iran to really wake up: ‘Hey this cyber stuff is really powerful. We can do this, too.’ And unlike nuclear weapons, it doesn’t take a huge industrial infrastructure,” Bellovin said.
“Iran’s abilities have gotten noticeably stronger over the last 10 years,” with hackers targeting major U.S. financial institutions, universities and companies, he said.
Bellovin warns that it could take years for Iran to launch a cyberattack. American companies should shore up their defenses accordingly, he said.
“I worry about companies letting down their guard,” Bellovin said. “If people get an alert and then after three weeks revert to business as usual, two years from now they may find themselves hit badly.”
Contributing: Kevin Johnson