Leaked Iranian documents suggest a hotbed of hacking activity, with targets directed towards facilities in the U.S., Europe, and the Middle East. The current focus is on so-called ‘second tier’ targets: organizations that are not among the biggest, most successful, or most important of their type. Such organizations can still have major effects should they be hit, and they are the current focus because, in many cases, their systems are not as robust as those of the ‘first tier’ public and private institutions.
Radiflow, a cyber-security solutions provider for critical infrastructure, has provided insights about the secret Iranian files, which were recently revealed in a Sky News report. The concern for governments and utility companies is that remote access to building controls can lead to the shutdown of critical government services and power supplies. This represents a development in terms of cyberwarfare.
The leaked documents appear to come from a part of the Islamic Revolutionary Guard Corps called Intelligence Group 13. Among the apparent targets and activities are actions which could capsize merchant vessels, lead to the remote control of electrical controllers used in building management systems, and tamper with fuel pumps, triggering oil spills or even explosions.
Whether Iran has carried out any of these cyberattacks remains open to speculation. What is a fact is that hundreds of attacks have been launched on U.S. companies and government services, including a focus on Building Management Systems (BMSs).
The review by Radiflow reveals why BMSs are easy targets. One reason is that they are connected systems, linked to the Internet (often as part of smart city solutions). Another is the relatively weak cybersecurity practices that sometimes arise, including issues surrounding authentication and secure access.
According to Ilan Barda, Founder and CEO of Radiflow (as quoted by Security Week): “What makes them so valuable is their potential to be used as a gateway to building systems. Once inside, a hacker can manipulate air circulation units, elevators, and any other critical infrastructure to carry out physical attacks.”
Another pattern within the Iranian cyber report is what appears to be an intention to identify vulnerabilities in specific satellite communication gateways. This remains an area of hypothetical attack, but given the global reliance upon satellite communications, the consequences of such an attack could be severe.
Iran has allegedly been responsible for cyber offensives against Saudi Arabian oil refineries (as reported by Forbes) and Israeli water management facilities (as picked up by ZDNet).
Therefore, the content of the report needs to be taken seriously, and it serves as a reminder to cybersecurity service providers to strengthen their systems. With current technology, this can be achieved through segmentation, password validation, two-factor authentication, and cyber threat detection mechanisms.