Iran Escalates Cyber Operations Targeting U.S.

Note this article was written back on the 8th of July. I found it because a company I know was hit with ransomware back in May 2019. To date they paid the ransom but they remain crippled in their IT; almost two months later. Since the company has hired several forensic IT experts along with multiple visits by the FBI we are beginning to hear these former federal employees speak about as to how the USA is being attacked via several foreign operators one of which was mentioned is Iran. So whom in Congress and the Senate is supporting Iran and how they are trying to tie Trump up. Traitors all.

So just fooling around on the web I came across this article :

Foundation for Defense of Democracies

The cybersecurity firms Crowdstrike, Dragos, and Fireeye all told WIRED that prior to CYBERCOM’s operations, they had already seen new, widespread phishing campaigns targeting government and private industry in the U.S. and Europe. It is unclear if the Iran-affiliated hackers compromised any of the networks they attacked, but these hackers have shown they can cause extensive damage. In March, Microsoft estimated that the same group had cost energy companies, heavy machinery companies, and other multinational firms hundreds of millions of dollars over the past two years. Those attacks surged in late 2018, corresponding with the reinstatement of U.S. sanctions on Iran after the Trump administration withdrew from the 2015 nuclear deal.

U.S. Cyber Command warned last week of an active campaign to exploit a known software vulnerability that Iranian hackers have used in the past. Iran’s months-long cyber campaign predates the recent rise in tensions in the Gulf; it is part of Tehran’s attempt to counter U.S. economic pressure via cyber-enabled economic warfare. After Iran shot down an American drone last month, U.S. Cyber Command (CYBERCOM) conducted operations to disable the computer systems Iran uses to control rocket and missile launches. U.S. operations also targeted a hacking group affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). But Iran’s escalation in cyberspace predates these operations; it is part of a long-term response to U.S. sanctions, not a reaction to CYBERCOM’s efforts.

Iran wants to suck us into a war, or push us as far as they can.....(a dangerous move) It might involve a few terrorist attacks in the United States, but Iran would get creamed from the air, decimated. Lots of world history at stake, irreplaceable history. Israel would like to get in on some FUBAR as well. Ol' Kim will have to wait, or get back in line.

Take the glove off, give these #ers some raw hand.

However, they've been doing that for some time, plus other foreign nations as well, most notably, China.

I wouldn't doubt if there is some sort of unnofficial back door network of powers/factions between Russia, Iran and China, via BRICS, to rely infomation to each other as a means to learn more.

originally posted by: Plotus
Iran wants to suck us into a war, or push us as far as they can.....(a dangerous move) It might involve a few terrorist attacks in the United States, but Iran would get creamed from the air, decimated. Lots of world history at stake, irreplaceable history. Israel would like to get in on some FUBAR as well. Ol' Kim will have to wait, or get back in line.

I think that (Iranian backed) terror attacks in the United States are highly, highly unlikely in 2019 or any other coming year for that matter.

What I do believe, however, is that if the United States is drawn into a large-scale conflict in the Gulf within the next year or two, there will be no getting back up. Hence, the caution right now.

There are powers at play here that wish to pin the current superpower down - and with an ever-growing deficit, this may cause even greater instability across the entire planet. We must all be very, very cautious with Iran and anything that occurs in the Gulf region right now...

a reply to: Waterglass

Seems the FDD has a finger in this pie.

Congressman Howard Berman (D-CA) thanked the organization saying "FDD has been one the most committed and creative voices in Washington regarding the Iran nuclear issue and specifically Iran sanctions".[20] FDD's efforts to target the Iranian regime's finances has gone beyond energy sanctions. The organization pushed for sanctions against the Central Bank of the Islamic Republic of Iran and its use of Society for Worldwide Interbank Financial Telecommunication (SWIFT) to perform transactions. According to The Wall Street Journal, FDD "has done most of the spadework on the issue".[21]
en.wikipedia.org...

FDD also describes itself as a global research organization. Its purpose, it says, is to conduct “research and provide education on international terrorism—the most serious security threat to the United States and other free, democratic nations.” But it has conducted its research from a particular vantage point and with a relatively narrow focus.

Its research and advocacy have centered on the Middle East and in particular on conflicts and issues that impinge on Israel. And its positions have closely tracked those of the Likud party and its leader, Prime Minister Benjamin Netanyahu—not just on the Iran deal, but on the conflict between the Israelis and the Palestinians and the desirability of a two-state solution. Understanding the think tank’s ideological affinity with the Israeli government, and the roots of that affinity, helps explain the special role that FDD has played in opposing the Iran deal and may shed light on what FDD hopes to accomplish by derailing President Obama’s signature foreign policy accomplishment.
www.slate.com... ml?via=gdpr-consent

Is THAT why Pornhub is slow. DAMN you Ayatollah!

a reply to: Waterglass

U.S. Cyber Command warned last week of an active campaign to exploit a known software vulnerability that Iranian hackers have used in the past.

First line of your article. It's a known vulnerability, so is there a mitigation strategy in place? Can this vulnerability be fixed or compensating controls be put into place? The answer to these questions should be yes, but as you see with your ransomware example, obviously places are not following proper security procedures.

Basic security hygiene resolves 99% of these issues, 0.9999999999% are users that still haven't gotten the awareness training on how to not click crap in an email. Lastly we have the 0.0000000001% that are actually state sponsored attacks. These are the attacks that aren't using off the shelf like Cobalt Strike or Metasploit, they're using highly targeted and tailored methodologies and tools to get into systems.

Proper network segmentation, encryption break and inspect at all boundaries, advanced endpoint security solutions, application white-listing, properly configured DLP, proper logging and monitoring of systems, privileged account management solutions, patching and software life-cycle management, and end-user awareness and training. That's really all you need aside from a policy to tie it all together. That will keep you out of that 99.9999999999% and then you only have to worry about APT or other advanced threats.

Number of companies and government entities (not just US) I've seen with all of these things in place properly = 0.

a reply to: Hypntick

PBS has several episodes in that members of our government are quoted as saying that the 2020 voting can be hacked and manipulated in State, local and Federal elections. Possibly what you are suggesting is a falsehood. I mean why didn't Billy boy gates see this coming when he launched Microsoft and introduce countermeasures to prevent all of this. Seems to me at 40 years later its worse than ever. Blaming the victim is so easy isn't it. This sheet is the result of employees or subcontractors of the NSA stealing their own developed software used for ransomware today along with cyber-attacks. Seems to me uncle Sam doesn't have a patch for it?

originally posted by: Arnie123
However, they've been doing that for some time, plus other foreign nations as well, most notably, China.

I wouldn't doubt if there is some sort of unnofficial back door network of powers/factions between Russia, Iran and China, via BRICS, to rely infomation to each other as a means to learn more.

I bought some security cameras and a company from China kept trying to get into my network. It's widely reported with all cameras manufactured in China.

a reply to: Waterglass

I work in information security for a living, it's the same type of advice that is given to every entity in the world that is connected in some capacity. When it comes to the PBS folks saying that things can be hacked, you are correct, if it's connected in some fashion it can be compromised. There is no way to account for a zero day vulnerability being exploited. It's part of why they're looking at analog controls for the power distribution systems in the US again, when you have it connected, if someone wants in bad enough they will find a way.

As for anyone seeing this coming 40 years ago, they did. Unfortunately you have a human element to everything that is developed, having a human element results in human error, or even a tendency toward laziness. Sometimes it's laziness in code or hardware design, heck sometimes it's a financial trade-off for companies, they choose to accept the risk due to the low likelihood of occurrence.

The minute you try and come up with something "un-hackable" is the minute you have egg on your face from a collective of people who will prove you wrong. It's been that way with game and movie companies coming out with "pirate proof" methods to protect their IP, about 24 hours later someone who has a different line of thinking than their developers shows up with a bypass.

I can blame the victim because the victim can do better, I can also blame the creators of the platform that is exploited because they can do better in design. I'll even blame the attackers, but it's not going to do any good in resolving the issues. A combination of informed user base with informed development that has information feeds going bi-directional to shore up security weakness as they're discovered is the only to way slow down the problem. You'll never stop the problem...unless of course you EMP the plant.

originally posted by: Flesh699

originally posted by: Arnie123
However, they've been doing that for some time, plus other foreign nations as well, most notably, China.

I wouldn't doubt if there is some sort of unnofficial back door network of powers/factions between Russia, Iran and China, via BRICS, to rely infomation to each other as a means to learn more.

I bought some security cameras and a company from China kept trying to get into my network. It's widely reported with all cameras manufactured in China.

That's why I build my own. Cameras from defunct laptops make a good starting point. You can connect them by wiring up USB cables. I use Arduino (ESP32) boards to capture the video on a local network (not connected to Internet).

The ESP boards are made in China but to make use of them, you have to write your own code and flash it to the board.

All these posts about Iran, Russia or China cyber terrorism against the US. Why do we never see the news of us cyber terrorism against other nations. Didn’t we shut down Venezuela’s power grid? Didn’t we critically damage Iran’s nuclear reactors? I’d expect similar is going on constantly. Let’s not get alarmist or offended by stories of strike and counter strike, acting the wounded innocent. The hypocrisy is hard to stomach.