Asian CISOs Prepare for Iranian Cyberattacks
Region May Be at Risk Because Many Asian Countries Have Close Ties With the U.S.
Organizations in Asia, like those in the United States and around the world, are preparing for potential cyberattacks tied to Iran in the wake of the U.S. killing of Iranian Major General Qasem Soleimani last week.
For example, the CISO of a major conglomerate based in Malaysia, who asked not to be named, tells Information Security Media Group that members of the firm's board have held meetings to keep informed about enhanced security measures.
"We understand that Iran has cyber capabilities similar to China, Russia, and the U.S. Furthermore, given critical infrastructure was not initially designed with security by default, to carry out attacks will be a cake walk," the CISO says (see: Iran's Cyber Response: 'They're Going to Unleash the Hounds').
India's cybersecurity chief, Lt. Gen. Rajesh Pant, is also concerned about potential cyberattacks arising out of the Iran-U.S. standoff. "The killing of two top commanders of Iran and Iraq has certainly heightened tensions not only in the region but globally," Pant says. "The option of cyberattacks by both sides is definitely open, although in order to create a more visible effect, the cyberattacks may result in affected cyber physical systems or through ransomware."
On Tuesday, Iran waged missile strikes against bases in Iraq housing American troops.
John Hultquist, director of intelligence analysis at security firm FireEye, says the company is concerned that Iran-linked hackers will now be more likely to carry out data-destroying attacks on some of its customers, which include Fortune 100 firms. Some of FireEye's clients have a presence in Asia and the Middle East, and those operations could be targeted as well as those in the United States, Hultquist says.
"The conventional wisdom is that the Iranian response will include cyberattacks in the U.S.," says New Delhi-based Dr. Cherian Samuel, research fellow in the Strategic Technologies Center at the Institute for Defense Studies and Analyses. "But we must not forget that it has been targeting West Asia ever since its nuclear facilities were attacked in a joint US/Israel operation" in the Stuxnet operation, he adds.
Iran's past targets have been universities, critical infrastructure, telecommunications networks, banks and even the core infrastructure of the internet, he notes.
For example, a 2012 wiper attack against Saudi Aramco that destroyed 30,000 computers as well as an attack against Las Vegas Sands casino in 2014 have both been attributed to Iran.
"I don't rule out attacks on operational technology and SCADA systems which have always been the prime targets for Iran," says Singapore-based Aloysius Cheang, executive vice president, Center for Strategic Cyberspace and International Studies.
CISOs: Time for Action
Nations that host U.S. military operations, including Singapore, Japan, Australia and New Zealand, could be targeted for Iranian retaliation, some security experts in the region say. Cyberattacks against critical infrastructure, they say, could involve using malware with destructive and data-wiping capabilities.
"The main challenge that I see when it comes to preparedness of CISOs is the lack of visibility. You cannot protect what you do not know about and that is the majority of the challenge," says Andrew Jenkinson, group CEO, Cybersec Innovation Partners, a U.K.-based cybersecurity consultancy.
Singapore-based Andrew Koh, deputy general manager and regional head of risk at Habib Bank Ltd., notes: "Very little is known on Iran's cyber army and its capabilities on cyber warfare. For practitioners, this poses serious challenges given the strains in terms of knowledge, resources and lack ... which are existing industrywide issues."
Many companies in Asia and elsewhere lack a functional cyber threat-hunting team, adds Rakesh Kharwal, managing director, APAC, at Cyberbit, an Israel-headquartered provider of cyber training and simulation programs.
"While a team might exist, most activities done by them are just on paper," he says. "I see very few companies taking the initiative to actively hunt for threats. Only when there is an attack do these teams get their acts together."
Security leaders in the region advise organizations to prepare for cyberattacks by taking several steps, including:
- Patch systems to minimize vulnerabilities;
- Use multifactor authentication;
- Implement threat profiling as a first line of defence;
- Map geopolitical risk with a proper risk assessment plan;
- Enhance threat detection and response capabilities;
- Protect information assets at multiple levels and points using multiple techniques and technologies;
- Collaborate with others to develop a cohesive response plan.