USA vs Iran: conventional or cyber conflict?

(By Alessandro Rugolo)
06/01/20

You can read about what is happening in the world these days in all the newspapers. Without claiming, of course, to be able to read "the truth" about what happens (but does a "truth" exist?), it is still possible to form an idea of one's own.

It is more difficult for the general public to understand what is happening in the cyber field between the two belligerents: USA and Iran.

According to what is publicly available, the United States of America and Iran are both cyber powers with a not insignificant arsenal, which it seems they have already used on several occasions.

To get an idea of Iran's capabilities, you can take a look at the list of APTs that, according to analysts, are led by the state (to name but a few: APT 33, APT 39, Charming Kitten, Cleaver, CopyKittens ...).

As far as American capabilities are concerned, it is useless to browse the APT lists because you will not find anything, but you can look at how they are organized and understand what we are talking about. Let's also not forget that the "joke" known by the name of Stuxnet, in the context of a 2006 American operation against Iran, has never been forgotten. Since then, however, things may have changed.

After taking a short internet tour to understand what the two belligerent states are believed to be capable of, let's see what is happening around the world and if there is news of cyber attacks ...

The newspapers carry several reports of defacement (replacement of a site's original home page with another, usually bearing a message) and of attacks on American infrastructure and sites. The US site of the Federal Depository Library Program is one of the first victims; we also note the defacement of the webpage thebestofminneapolis.org.
The messages sent from Iran to the United States regarding the killing of General Qasem Suleimani announce revenge; this means that the level of cyber risk is to be considered very high.

Clearly, in such a situation, whoever uses digital services extensively has the most to lose, because the attack surface is greater (in practice, it means that you have to defend yourself on many fronts).

More attacks are expected, and American authorities have raised the alarm, indicating that Iran "maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States".

And what can we say? Is Italy at risk?

Some might think that we are not at war, but it should be remembered that one can sometimes be dragged "to war" by alliances: NATO has already stated that Article 5 (collective defense) could also be invoked following a cyber attack. Unfortunately, regardless of whether Italy is on one side or the other, or neutral, as often happens, when it comes to cyberspace you cannot predict what the "collateral damage" will be. State borders do not exist on the Internet, so it will be necessary to pay close attention to the indicators collected by the operational analysis companies and to put in place everything we have in the field of prevention.

We will try to provide information, as we always do.

Good luck to the technicians: the work of the CERT in early 2020 promises to be heavy!

To learn more:
- https://www.siasat.com/us-govt-website-briefly-defaced-iranian-hackers-1...
- https://english.lokmat.com/international/us-govt-website-briefly-defaced...
- https://www.cbsnews.com/news/iran-hackers-briefly-deface-website-for-u-s...
- https://edition.cnn.com/2020/01/05/tech/iran-cyberattacks-retaliation/in...
- https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bul...
