Accenture outlines growing Iran threat in global cybersecurity report
Global professional services giant Accenture has pointed the finger at Iran as a growing threat to international cybersecurity, with a recent report further outlining the rise in ransomware originating in the country.
Accenture’s mid-year ‘Cyber Threatscape Report’, compiled by threat intelligence analysts from Accenture Security iDefense practice, has detailed the growing activity of nation-state-sponsored cyberattacks emanating from Iran, contending that the Iranian government and hacktivists located in the country ‘pose a disruptive or destructive cyber threat’ against the US, Europe, and the Middle East.
Cutting directly to the point, the firm states that the continued development of and expectations for growth in Iran’s cyber-espionage programmes and influence operations which it described in last year’s corresponding report had now been ‘realised’, and are likely to continue in an bid to exert political and strategic influence, amounting to a threat described as a ‘growing force to be reckoned with’.
And while the report suggests that, based on current Iranian policy, a direct cyberattack on the US or its European counterparts may not eventuate in the near future – despite increasingly rising tensions – the author’s suggest that Iran may still well take a more aggressive posture toward regional foes such as Saudi Arabia, the UAE, Bahrain and Israel as retribution for their support of the US reneging on the joint Iran nuclear agreement.
“The convergence of information technology (IT) and operational technology (OT) is opening doors to adversaries to disrupt operations, deploy crypto-mining malware, or to conduct deep-seated espionage operations,” the report states, adding that the rise in activity is extending beyond Iran and evolving in sophistication, with an increase in origin identification and occasional arrests doing little to curtail the threat.
The report further notes that threat actors globally are broadening their attack scope beyond direct spear-phishing campaigns and vulnerability exploitation to target weak links in far-removed supply chain partners by attacking Internet of Things (IoT) and Industrial Internet of Things (IIoT) technologies – particularly in the in the oil and natural gas industry – which were not originally designed with cyber-defence in mind.
Further to the geopolitical underpinnings of the Iranian cyber-espionage programmes alleged by the report was a concurrent rise in Iran-attributed ransomware (developed to compromise and encrypt both Windows operating systems and Android mobile devices), indicating, according to the analysts, that “Iranian cybercrime actors are likely to be financially motivated to target global organisations by using ransomware and cryptocurrency miners for financial gain.”
The report states in conclusion; “Iran will likely focus much of its attention on other Middle Eastern nations; however, Iran-based threat actors have the potential to pivot their attacks to other nations, consumers, or businesses. Organisations, businesses, and governments should not ignore the Iran-based threat; they should proactively build resilience against it, especially against Android-based malware and ransomware, as Iran-based threat actors will likely use these as their cyber weapons of choice.”