CNBC’s Kate Fazzini reports on the risks of a cyberattack from Iran on “Closing Bell.” Iranian hackers are likely planning social engineering and phishing efforts as retaliation for the U.S. military’s killing of Iranian military chief Qasem Soleimani, according to security experts in government and the private sector.
But the flurry of website defacements over the weekend are unlikely to be important, and might not have originated from Iran at all. On Saturday and Sunday, several websites across the globe were hit with cyberattacks that defaced them with images and slogans supportive of Soleimani. The hacked websites displayed images of a fist-punching Trump among other anti-American rhetoric. Victims included the U.S. Federal Depository Library Program and the Commercial Bank of Sierra Leone.
Through a statement, the Department of Homeland Security expressed doubt these attacks were state-sponsored. One intelligence official from the Treasury Department, who wished to remain anonymous because he is not authorised to speak to media, said the organisation was not concerned with scattered online defacements, which cause little real damage and are difficult to attribute On the contrary, he said, Treasury and other government agencies are more concerned about a heightened risk of social engineering attacks from across the Shiite world, well beyond Iran, and the possibility that other hostile nations — like Russia or China — may take advantage of the chaos to launch their own attacks.
Along those lines, sources from federal, state and local agencies — including the cities of New York, Los Angeles and Houston; power authorities PSE&G in New Jersey and ConEd in New York; and the U.S. Treasury Department — told CNBC they are warning employees to be particularly wary of unexpected or suspicious emails, phone calls, text messages or other digital contacts that may serve as an entry point for attacks, more typical of the Iranian strategy. Experts are particularly concerned with the enormous emotional outpouring from across the Shiite Islam world, which could drive a variety of hacker collectives into action.
These could include groups sponsored by Hezbollah in Lebanon and pro-government forces in Syria, as well as other sympathisers with Iran’s plight. Russia has also assisted Iran in hacking efforts, and used the country as a cover to conduct its own espionage operations. “We watched the funeral march closely, in the sense that that’s a lot of emotion, that when harnessed alongside a pretty substantial cyber capability, is going to represent longer term fallout than just a few small site take downs,” the Treasury official said. He said that experts are more concerned about a possible flurry of social engineering attempts, aimed at compromising the credentials of employees in these agencies. Social engineering typically involves gathering information about a target — such as what he does for a living, or who her employees are — and using that information against the individual. Often this takes the form of a phishing email, which uses the personal details to convince the recipient to click on a malicious link, thus giving the sender access to the victim’s files or other information.