Only a few days after a drone strike killed Iran’s highest ranked military leader, Qassim Suleimani, government officials and the Department of Homeland Security released statements warning of a possible retaliation through cyber warfare. Christopher Krebs, the head of the Cybersecurity and Infrastructure Security Agency (CISA), warned that the threats to the United States doesn’t stop at the federal government; he thinks that the attacks may reach everyday people. Below is the statement sent out by the DHS:
What are they capable of?
For the everyday internet and computer user, this may not raise too many alarms as they may not know what a cyber attack like this may entail. Iran has cyber-war capabilities, in the past they have hacked into government websites, taken down servers of corporate targets, and broken into email accounts of people speaking out against their regime. In the past, their actions seem to be geared toward cyber vandalism, but that doesn’t mean that they aren’t capable of something far more serious.
What is the worst case scenario?
If what Christoper Krebs, head of the CISA warned the country about comes to fruition, we may be in a little bit of trouble. There is the potential for Iran’s hackers to take over power grids and shut them down for days or weeks. The stock market could be hacked into, taken offline, or simply manipulated causing economic turmoil. Iran could take over water supply systems, leading to unsafe drinking water, or even hack into Tesla’s auto-drive feature to take over control of the vehicle. These may seem like exceptional hacking events, but increasingly cybersecurity researchers are showing them to be very possible. According to one DHS employee, “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
What can we do?
SMB’s and individuals can take a number of relatively easy actions to improve your online security. CyberHoot you take these actions:
- Be aware of suspicious phishing emails which hackers use to breach your identity, company, or data. To understand phishing attacks, watch our short video: How to Protect Yourself from Phishing Attacks
- Implement basic cybersecurity practices such as regular data backups and employing multi-factor authentication on all critical accounts.
- Train your employees on basic cybersecurity hygiene such as strong and unique passwords, password managers, and the different ways hackers try and get their information or access to their systems.
- Update/patch all devices and software whenever possible to ensure vulnerabilities are fixed.
It is always important to stay informed and up to date with the cybersecurity threats and terminology, sign up for our CyberHoot Newsletter to get bi-weekly updates and stay ahead of the game!