UK companies with a presence in the Middle East have been urged to step up vigilance against cyber threats from Iran following attacks by the US and Israel.
The National Cyber Security Center (NCSC) said there was “almost certainly” an increased risk of an indirect cyber threat to organizations that had offices or supply chains in the Middle East.
The UK’s cybersecurity agency said Iran remained a threat despite an extensive bombing campaign that has devastated the country’s political and military leadership, including the death of its supreme leader, Ayatollah Ali Khamenei.
“The Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capacity to conduct cyber activities,” the NCSC said.
The agency said in an alert published on Monday that there was “probably” no significant change to the direct cyber threat from Iran to the UK, but that organizations should prepare for the risk of collateral damage from hacktivists linked to Iran. It said organizations with a presence in the region should consider increasing monitoring of their IT systems and follow NCSC guidelines to address the increased threat of cyber attacks.
Jonathon Ellison, national resilience director at the NCSC, said UK organizations and key infrastructure providers such as airports and power stations needed to “act now” to protect themselves from potential attacks.
“In light of the rapidly evolving events in the Middle East, it is vital that all UK organizations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains located in areas of regional tensions,” he said.
Iran was blamed for a series of high-profile cyberattacks between 2012 and 2014 against American financial institutions, oil company Saudi Aramco and Las Vegas-based hotel and casino company Sands.
Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos, said the UK was unlikely to be “top of the list” of targets for Iranian attacks, but British businesses could be caught up in raids by state-backed hackers.
“Many of these hacktivist groups will opportunistically pursue targets,” he said.
Pilling added that Iran was not as effective a cyber adversary as China or Russia, but, as the 2012-14 attacks demonstrated, it could still cause problems. “Iran is not on par with China and Russia in terms of sophistication and scale, but it should not be underestimated,” he said.
CrowdStrike, an American cybersecurity company, has said it is already seeing threatening activity from hackers linked to Iran, including the initiation of so-called distributed denial-of-service attacks, where attackers attempt to overwhelm a target’s servers with a flood of Internet traffic.
Cynthia Kaiser, a former top official in the FBI’s cyber division and senior vice president at anti-ransomware firm Halcyon, said Iran’s cyber operations stemmed from a “murky mix of state sponsorship, personal profiteering and outright criminal behavior.”
She added: “As Iran considers its response to US and Israeli military actions, it is likely to activate any of these cyber actors if it believes their operations could generate a significant retaliatory impact.”
Kaiser said Halcyon had detected activity consistent with Iranian state groups attempting to steal data from organizations that maintained important personal records, likely to identify and locate potential Iranian dissidents. She added that a significant threat to companies operating in the Middle East could be physical attacks on data centers that could “delay or stop business operations until a suitable alternative is brought online.”





