Communications of the ACM

ACM Careers

Iran Cyber Attacks on the Rise


The Growing Cyberthreat From Iran, cover image

Credit: CriticalThreats.org, Norse

A team of researchers has found new evidence that digital attacks launched by Iranian interests are deliberately targeting Western infrastructure — and that those attacks are increasing at an alarming rate.

Led by Frederick W. Kagan, director of the American Enterprise Institute's Critical Threats Project, and Tommy Stiansen, cofounder and chief technology officer of the Norse Corp., a live attack intelligence firm, the researchers also found that Iran is using computing resources rented from Western hosting and cloud-computing companies to carry out attacks against Western targets.

The report's Executive Summary states that Iran is emerging as a "significant cyberthreat" to the United States and its allies. The full report, "The Growing Cyberthreat From Iran," details evidence of Iranian involvement in the following:

  • Cyber attacks directly initiated from networks belonging to the Islamic Revolutionary Guard Corps.
  • The establishment of a cyberinfrastructure outside Iran, possibly in violation of international sanctions, which is used for attacks against Western companies.
  • Attacks on servers outside Iran to gain control of third-party systems that could be used in future Iranian cyber attacks. This would make it very difficult to trace the attacks back to Iran.
  • Collaboration between the Iranian regime and Iranian civilian hackers who have a history of attacking Western computing assets.

The Norse Intelligence Network, which collected and analyzed the data for the report, found that the number of cyber attacks from Iranian-controlled systems has more than doubled in the past 15 months.

Attacks launched from Iranian-controlled IP addresses increased 128 percent between January 2014 and mid-March 2015, and individual Norse sensors hit by Iranian IP addresses rose 229 percent. Over the same period, the number of systems compromised by Iranian interests increased by 508 percent.

Among the report's key points:

  • The evolution of Iran's cyber capability over the last few years has been characterized by computer network attacks — using destructive malware or denial-of-service attacks — to punish foreign players critical of the Iranian regime.
  • The technical capability of Iranian state-based cyber players has evolved in a far shorter time (less than three years) than is typical in states not under international sanctions (perhaps 10 years or more).

The authors conclude that if Iran has been able to emerge as an increasingly capable and aggressive cyber power under international economic sanctions, lifting the sanctions as promised in the recently announced nuclear agreement will give Iran more resources to expand its offensive cyber capabilities.


 
