Iran Leak Hints at Second Tier Targets as Next Terror Gateway
July 2021 by Radiflow
A recent report by Sky News exposed a trove of documents that appear to come from a branch of the Islamic Revolutionary Guard Corps (IRGC), Intelligence Group 13. The documents show a coordinated effort to collect information on the vulnerabilities of second-tier targets, including attacks that could capsize merchant vessels, remote control of the electrical controllers used in building management systems, and tampering with fuel pumps to trigger spills or explosions.
Since 2019, hundreds of US companies and local government agencies have fallen victim to cyber-attacks. Now, leaked documents outline Iran’s intention to gather information for attacks on Building Management Systems (BMSs), which are notoriously overlooked when cybersecurity programs are set up. BMSs are easy targets for two reasons. First, they rely on connecting building devices via the internet, often to a remote facility that may itself operate vulnerable devices. Second, they are attractive to attackers because buildings rely on contractors to maintain facilities, and those contractors may not follow proper cybersecurity practices such as authentication and secure access. “Many of these second-tier targets seem irrelevant at first,” said Ilan Barda, Founder and CEO of Radiflow, a cybersecurity company that focuses on securing OT facilities. “What makes them so valuable is their potential to be used as a gateway to building systems. Once inside, a hacker can manipulate air circulation units, elevators, and any other critical infrastructure to carry out physical attacks.”
Another concern raised by the Iranian cyber report is the group’s intention to find vulnerabilities in specific satellite communication (SATCOM) gateways. In some countries, poorly protected wireless networks can be exploited by attackers, allowing them to reach vulnerable SATCOM terminals on the network. While parts of the report focused on hypothetical attacks, this section showed the group’s potential for data collection and for coordinated attacks.
Some questions remain regarding the intentions of the Iranian military hacking group. Upon reviewing the report, Michael Langer, a renowned cyberwarfare expert and CPO of Radiflow, believes that it may only indicate their intent to pursue cyber terror further. “Iran is looking to expand the outreach and objects of their cyber-attacks,” said Langer. “Their history of disruptive cyber offensives on Saudi Arabian oil refineries and Israeli water management facilities is to be taken seriously. The Iranians’ mapping of BMS vulnerabilities may indicate a shift to target more easily exploitable sites. It’s time to think differently.”
While these attacks are causing CISOs and cybersecurity teams to take notice, the tools most companies need to secure their systems already exist. “Familiar basic-hygiene practices are common tools that a growing number of the population recognize,” said Barda. “Segmentation, password validation, 2-factor authentication, and cyber threat detection mechanisms can act as a deterrence for attackers.”
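The two controls the article keeps returning to, segmentation and a second factor for contractor access, are easy to state and easy to let slip in practice. The following is an added example (not Radiflow’s code and not from the Sky News report) of the kind of threat-detection check that turns those policies into something that runs: it reads constructed remote-access gateway log lines and flags any session to a building controller that either came from outside the networks contractors are supposed to use or was opened without MFA. The log format, the account names and the network ranges (contractor VPN 10.20.0.0/16, corporate LAN 192.168.0.0/16, BMS VLAN 10.50.0.0/24) are all assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines from a hypothetical BMS remote-access gateway.
# This is not a real product's format; each line records one session or
# action against a building controller. Line 2 is a contractor login from a
# public address, line 3 is a service account logging in without MFA.
SAMPLE_LOG = """\
2021-07-12T08:01:44Z user=hvac-contractor src=10.20.4.17 dst=10.50.0.12 mfa=yes action=login
2021-07-12T08:03:10Z user=hvac-contractor src=203.0.113.45 dst=10.50.0.12 mfa=yes action=login
2021-07-12T09:15:02Z user=elevator-svc src=10.20.9.3 dst=10.50.0.40 mfa=no action=login
2021-07-12T09:20:31Z user=facilities-admin src=192.168.1.77 dst=10.50.0.12 mfa=yes action=setpoint-change
2021-07-12T11:42:05Z user=hvac-contractor src=10.20.4.17 dst=10.50.0.12 mfa=yes action=setpoint-change
"""

# Assumed network layout (hypothetical): contractors reach building
# controllers only through the remote-access VPN segment, staff through the
# corporate LAN, and the BMS itself lives on its own VLAN.
CONTRACTOR_VPN = ipaddress.ip_network("10.20.0.0/16")
CORPORATE_LAN = ipaddress.ip_network("192.168.0.0/16")
BMS_VLAN = ipaddress.ip_network("10.50.0.0/24")
ALLOWED_SOURCES = (CONTRACTOR_VPN, CORPORATE_LAN)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"mfa=(?P<mfa>yes|no) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    rule: str
    detail: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one gateway log line into a dict; None if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def check_event(event: dict) -> List[Finding]:
    """Apply the segmentation and MFA rules to a single parsed event."""
    findings: List[Finding] = []
    src = ipaddress.ip_address(event["src"])
    dst = ipaddress.ip_address(event["dst"])

    # Only sessions that actually reach a building controller are in scope.
    if dst not in BMS_VLAN:
        return findings

    # Segmentation rule: a BMS session must originate from a network that is
    # supposed to have a path to the BMS VLAN. Anything else (for example a
    # public address) means a direct or unplanned exposure.
    if not any(src in net for net in ALLOWED_SOURCES):
        findings.append(Finding(event["ts"], event["user"], "segmentation",
                                f"BMS session to {dst} from unexpected source {src}"))

    # MFA rule: every account touching the BMS, contractor or not, must have
    # presented a second factor for the session.
    if event["mfa"] == "no":
        findings.append(Finding(event["ts"], event["user"], "mfa",
                                f"BMS session to {dst} opened without a second factor"))
    return findings


def analyze(log_text: str) -> List[Finding]:
    """Run the checks over a whole log and return findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            # A line the parser cannot read is worth knowing about too.
            findings.append(Finding("?", "?", "unparsed", line.strip()))
            continue
        findings.extend(check_event(event))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.rule:<12} {f.user:<18} {f.detail}")
```

Run against the constructed log this reports two findings: the contractor login from 203.0.113.45 as a segmentation violation, and the elevator service account's MFA-less login. The point of putting the network ranges in one place is that the check fails loudly the moment a contractor is given a shortcut around the VPN; unparsed lines are surfaced rather than silently skipped so a format change on the gateway does not turn the detection off.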
Many companies have seen recent headlines about cyber-attacks without realizing they may be next. However, simple precautions may be the difference between another day at the office and a cyber-attack that deploys ransomware or exfiltrates sensitive data.