First Suleimani Attack By ‘Iranian’ Hackers Hits U.S., Exposing ‘Noisy’ New Threat

It didn’t take long—the  first attack on a U.S. government website  hit on Saturday, a day after the killing of Qassem Suleimani in Baghda...

It didn’t take long—the first attack on a U.S. government website hit on Saturday, a day after the killing of Qassem Suleimani in Baghdad. The fact there was an attack is not a surprise—speculation has been rife. And the style of the attack is consistent with the nature of the primary cyber threat we now face. Hackers claiming to be linked to Iran targeted a low-level domain—the website of the Federal Depository Library Program—defacing its home page, echoing Teheran’s threats of vengeance alongside imagery of President Trump, Ayatollah Khamenei and the Iranian flag. There is nothing substantive to link the hackers with the regime in Teheran. The FDLP website was taken down shortly after the attack—U.S. law enforcement is now investigating.

Iran has shown before that it can retaliate against the U.S. by targeting industry with indiscriminate malware or through more targeted hacking attacks on strategic industries. Despite its investments, it is not yet capable of attacks on the most hardened of U.S. targets, but an attack on the FDLP shows that there is a vast array of targets that have not needed to apply serious-grade security measures before. And this isn’t simply a matter of technology hardening—think user training to avoid credentials theft through spear-phishing attacks or base-level malware.

Beyond that, a tier-one cyber attack—think energy supplies, transportation grid, military command and control—requires technical or human assets to be in place, preparation, software exploits. Iran has invested in such capabilities, but once those tools are triggered they are blown—you don’t get to reuse the same attack over and over. So that means a decision as to whether to shoot now or wait until later, if there is an escalation then such tools may be needed and may have more of an impact.

Forbes.com