IRAN WATCH — Tehran has made clear that if Israel doesn’t back off from Gaza, it will enter the fray, more than a week into the unsettling humanitarian crisis and rocket barrage on the Gaza Strip following Hamas’ brutal attack on Israel. Here’s what that could mean for the cyber frontier of the conflict.

— Cyberattacks over missiles: Despite Tehran's posturing, experts like the Middle East Institute's Iran program director Alex Vatanka say the regime is not at all interested or ready to go to war with Israel. But one way in could be spraying Israel with offensive cyber ops, which would give Iran room to maneuver and deny involvement to avoid regional escalation. “I don't think they would throw everything they have in terms of cyber capabilities,” Vatanka tells MC. “While they may have the capacity to bring damage, that would bring escalation … and Iran is not looking to go to war with Israel.” Those cyberattacks could already be underway, with security experts linking at least one anti-Israeli disinformation operation to Iran.

— Iran’s capabilities may be confined: Tehran has grown adept at exploiting vulnerabilities, using proxies to carry out ransom operations and compromising networks through crypto miners and credential harvesters. But Iran’s intimidating cyber prowess is built more for regime control — to punish external and internal dissent — rather than attacking foreign critical infrastructure. “It’ll be limited,” said Mark Montgomery, senior director at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, of potential cyberattacks by Iran. “They will try to do it under a false flag, where it looks like it’s being done by a non-state actor, so they can have some plausible deniability.” While there are instances of Iran targeting critical infrastructure in the past, it is not likely ready to risk getting dragged into a war just yet — not until more geopolitical concerns are at stake, Montgomery and Vatanka both said.

— Long history of tit for tat: That’s not to say that Iran and Israel aren’t already partaking in ongoing cyber war games. Both have taken turns swinging cyber swords at each other for more than a decade, including Israeli intel sources taking credit for a blackout-then-explosion at Iran’s Natanz uranium enrichment site in 2021 and an Iranian move attempting to deploy malware that would erase data in the same year. The attacks go all the way back to 2010, after a joint project by Israel and the United States is said to have created the Stuxnet computer worm — targeting thousands of Iranian computers involved in Tehran’s nuclear program.

— Where Israel could use some help: Despite both Iran and Israel being known for exceptional cyber capabilities, Israel’s offensive and defensive strengths give it the clear upper hand. But that doesn’t mean there aren’t risks. “What I think they may need help with is analysis,” Montgomery said. “They have lots of different kinds of threat signals coming in, so that’s a place where [the U.S.] can provide some capacity.”

STYLE CHANGE — Despite claims from hacktivist groups, a new report says a surge of cyber activity did not set the stage for conflict between Israel and Hamas — bucking the trend regularly seen in contemporary wars over the years. And while attacks have been relatively unsuccessful, researchers warn that attacks targeting Israeli industrial control systems have the potential for serious consequences. That’s according to new research from SecurityScorecard’s threat research, intelligence, knowledge and engagement team, which adds that DDoS attacks and website defacements have dominated the landscape and are typically orchestrated by diverse groups sympathizing with either side. ICS devices, which control critical infrastructure such as power grid substations and manufacturing lines, are becoming increasingly complex and interconnected — making them more vulnerable to attack.

— Ukraine-Russia: Severe disruptions took shape at the start of the war between Ukraine and Russia, with hackers targeting the KA-SAT satellite network hours before Russian tanks crossed the border, causing major comms disruptions. Hacktivist groups have since continued to attack and disrupt services.

— Putting the pieces together: The low internet-connectivity is a tell-tale sign that the attacks are coming from outside the region and giving clues on where Hamas is finding support — including Iran. But some former officials say the Iranian regime is likely to have steered clear so far. That’s along the lines of how former U.S. national cyber director Chris Inglis sees it, telling Maggie that he believes Iran has “worked hard not to have their fingerprints on this,” adding that “I don’t think there will be any main effort of trying to actually apply their resources as a co-combatant alongside that.”