U.S. cyber security company Accenture assesses that Iran is likely to carry out cyber-attacks against other Middle Eastern countries, as well as Europe and the United States, if it comes under extreme economic pressure. With Iran’s economy sclerotic and tough U.S. sanctions recently imposed following Washington’s withdrawal from the Joint Comprehensive Plan of Action (JCPOA), many analysts fully expect Tehran to lash out in cyberspace.
The Accenture report, titled Cyber Threatscape Report 2018, also predicts that Iran will see an uptick in malware designed to exploit vulnerabilities in the Android operating system, possibly leading to new ways for the Iranian regime to conduct cyber espionage against its own citizens as well as the potential for Iranian cyber proxy groups to carry out criminal operations using ransomware.
The report argues that U.S. friends and allies in the Middle East, in particular Saudi Arabia, the United Arab Emirates, Bahrain, and Israel, will likely bear the brunt of any Iranian cyber operations carried out as revenge against additional U.S. sanctions.
“The Iranian government is likely to continue its cyber espionage activities and develop its cyber capabilities for political and strategic influence; however, it might also take a more aggressive posture against its neighboring rivals and regional enemies, such as Saudi Arabia, the United Arab Emirates, Bahrain, and Israel, for encouraging and supporting the United States decision on the annulment of the JCPOA agreement,” the report says.
Such an Iranian response, Accenture claims, will impact a range of government, commercial, and economic sectors in these countries, and potentially in Europe and the U.S. “[T]he IRGC Cyber Command is highly likely to resurrect its cyber threat activity against organizations in multiple industry sectors such as the financial, critical infrastructure, healthcare, government, and military, and energy sectors; consequently, iDefense threat intelligence assesses operational and economic risks to these organizations are likely to increase,” Accenture analysts say.
As well as a rise in malware designed to exploit vulnerabilities in the Android operating system, and more sophisticated methods in social engineering for the purposes of espionage, the Accenture report also highlights alarming evidence that Iranian state-sponsored proxy cyber groups are developing ransomware from existing strains of malware.
“The emergence of Iran-based threat actors and groups developing Iran-based ransomware, in addition to carrying out threat activities and sophisticated TTPs [tactics, techniques, and procedures], opens a new cybersecurity challenge for global organizations. The rise of state-affiliated cybercrime, as seen with Mabna Institute and its for-profit massive data theft of intellectual property from various universities and private sector organizations, provides a different perspective on Iran-based cyber criminals, their TTPs, and how they shared data with the Islamic Revolutionary Guard Corps for future research and development (R&D),” the report notes.
“Iranian ransomware development will continue to improve in the future to evade detection. Iranian cybercrime actors may have been using the aforementioned ransomware as test beds for their future attacks against foreign targeted entities or organizations, as targeting Iranian victims is against Iran’s cybercrime laws. Cybercrime actors in Iran are now more capable of using, mining, or exchanging cryptocurrencies, as Iranian nationals are becoming more and more familiar with blockchain technology and are better at understanding the concept of cryptocurrencies. The development and repurposing of ransomware on both desktop and mobile platforms may also be used for blackmail or extortion,” the Accenture report concludes.