The latest cybersecurity report from Accenture says that “nation-state-sponsored cyberattacks (emanating from Iran have) grown, and this is likely to continue.”
The report also claims that Iranian hackers are becoming more adept at cyberattacks involving cryptocurrencies, including mining malware attacks (where hackers create “botnets” of sometimes thousands of computers infected with crypto-mining software) and ransomware attacks (where hackers sneak malware onto computer systems, often through an email attachment, and then seize the data on that system).
The annulment of the Iran nuclear deal by the US government this spring has put the Iranian government on the defensive, says the report, and has “placed (the country) under extreme economic pressure,” meaning the government may feel it has even greater incentive to lash out at perceived enemies.
“The Iranian government is,” according to the report, “likely to continue its cyber espionage activities and develop its cyber capabilities for political and strategic influence.”
Particularly at risk are Android-based systems, claim Accenture analysts, the favoured “attack surface” of malware developers:
“Threat actors are capitalizing on unofficial or third-party Android application marketplaces as their key destinations for malicious application delivery… (They) also regularly attempt to disseminate malicious applications through the official Google Play Store to appear legitimate and reach a larger installation base.”
And though Accenture believes Iran will likely continue to focus its cyber attacks on Middle Eastern countries like Saudi Arabia, Israel, and the UAE, Iran could at some point ‘pivot’ attacks onto other nations.
Public and private sector officials should accordingly ensure the protection of their financial and critical infrastructure, their healthcare, government, military, and energy sectors, say the Accenture analysts.
The relatively easy transmission of cryptocurrencies over the Internet, Accenture says, has led to a “dramatic increase” in Iran-based ransomware attacks.
Unlike purely politically motivated attacks, ransomware attacks give added financial reward. Hackers can seize data and intellectual property, duplicate it, and then sell it back, producing manifold income streams in a single attack.
Accenture analysts claim a “deep familiarity” with an Iranian hacking group that they say has enabled them to trace a number of high-profile and mysterious malware hacks back to Iran.
For example, despite the embedding of “false flag” Chinese code strings in certain malware, Accenture analysts were able to trace its origins to Iran.
The report claims that in one direct encounter with hackers, a third party posing as a victim induced a “trade craft error” from one of the hackers, causing that person to expose an IP address located in Iran.