On Thursday, a federal grand jury indicted two Iranian hackers for election interference that included obtaining confidential voter information from at least one state’s election website for a cyber-based disinformation campaign targeting 100,000 Americans. Earlier this week, the U.S. government warned that Iranian hackers also have been on the ransomware offensive.
To Kevin Mandia, the CEO of cybersecurity firm Mandiant, Iran’s success in the hacking realm is no surprise, as the nation has been upping its cyber-offensive capabilities for years to take advantage of U.S. weaknesses.
Iran has progressed well beyond the first stages of cyber evolution — defending its own government networks and targeting its closest geographic foes, the immediate threats, which in Iran’s case include the ongoing back-and-forth with Israel in cyberspace.
“There was a time when we responded to Iran, their operators looked like they just got out of the classroom,” Mandia said during an interview with CNBC’s Eamon Javers at the CNBC Technology Executive Council Summit in New York City on Wednesday. “And we’re like god, you know … they just compressed the C drive, why not just compress what you’re going to steal?”
“But that was 14 years ago,” said Mandia, who has been monitoring cyber campaigns by Iran since 2008. “Come today, they’re operating with efficiency, they’re operating with malware that can be updated. They have a framework where they can update their malware super fast,” he said. “So they can be very efficient … leapfrogging our defenses as they learn. And that’s kind of a frustration. I’ve seen most modern nations do have that capability … a framework where they can update quickly. Iran does have that framework.”
He said Iran also is part of a group of nation-state actors that have zero-day capabilities — referring to vulnerabilities that are exploited before the vendor knows about them or has shipped a patch, so that defenders have no official fix to apply — which makes them among the most frustrating of all types of cyberattacks to defend against.
FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith (left to right) talk with each other before the start of a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. The hearing focused on the 2020 cyberattack that resulted in a series of data breaches within several agencies and departments in the U.S. federal government.
Drew Angerer | Getty Images News | Getty Images
“Russia, Iran, Israel, China, they all have zero day components and zero day capability, whether they develop themselves or buy from someone. Iran’s gone through that rite of passage as well,” said Mandia, whose firm was the first to warn the U.S. government about the SolarWinds hack last year, one of the largest known attacks on a software supply chain, hitting both government agencies and private enterprise. The U.S. government alleges Russia was behind the hacking group that pulled off the cyberattack.
Mandia, who served in the U.S. Air Force, said the nation’s physical military assets are ahead of its cyber assets, and that there is no clear advantage in the realm of cyber warfare. “In the cyber domain, we don’t have dominance,” he said.
A U.S. workforce increasingly deployed on a global scale, together with the nation’s early adoption of the internet economy and its continued evolution, contribute to an expanding attack surface as geopolitical rivals become more sophisticated in the cyber realm.
Even if the U.S. has the best zero day capabilities, the nature of cyber warfare doesn’t favor a win for the U.S., he said.
“My gut is we lose, because we’re in a glass house attacking mud huts. It’s just too asymmetric. And I don’t want to liken another country’s economy to a mud hut. But I’m saying in the cyber domain, the asymmetry, I think more people are taking advantage of the United States, and our openness. … In my opinion, cyberattacks are also more effective against United States than against other nations.”