
The US-Iran war in the Middle East has taken a rather unusual turn – an increase in cyber attacks on companies located far from the main battlefield. On March 11, a cyberattack on Portage, Michigan-based Stryker medical device maker rocked the company. A few days later, a pro-Iranian group called Handala claimed responsibility for the attack, saying it was in retaliation for attacks on Iran.
The cyberattack on Stryker affected Microsoft’s internal software system and disrupted order processing, manufacturing and shipping.
Not only Stryker, Handala also claimed to have hacked FBI Director Kash Patel’s email account and leaked private information, including personal videos.
According to an article on The Conversation, republished by the news agency PTI, many state-linked cyber operations are not designed to create immediate, visible chaos. They are designed to create leverage.
Recent cyber attacks have made it clear that wars are no longer fought only in the air, at sea and on land. They have taken a digital turn, where you cannot see what is coming.
How state-sponsored cyberattacks typically work
Most state-linked cyberattacks, including those launched by the US, follow a common sequence, says William Akoto, an assistant professor of global security at the American University School of International Service who authored the article on The Conversation.
The first step is for attackers to gain initial access. This can be achieved through methods such as phishing, exploiting known vulnerabilities, or abusing weak remote-access controls.
Once inside, the attacker looks for valuable data and sensitive systems. These hackers seek elevated privileges and move laterally, often using legitimate administrative tools to blend in with normal activity.
This subtle maneuvering can make it difficult for defenders to distinguish the intruder from a legitimate administrator, especially when the intruder is deliberately trying to make their actions look like routine business.
The next step is to establish persistence, so that the hacker retains access to the systems for a longer period of time. If leverage is the goal, attackers want to survive defenders’ cleanup efforts after the intrusion is discovered.
Ultimately, the attacker chooses what effect the operation will have. In the case of Stryker, the company’s critical operations were halted. Sometimes, however, the goal is to steal data rather than cause downtime, as was seen in the attack that leaked FBI Director Kash Patel’s private information.
What is the solution?
As for the US, the country is growing its defense ecosystem, but it’s more complicated than it seems.
The Cybersecurity and Infrastructure Security Agency is urging organizations to increase their cyber security vigilance during periods of heightened geopolitical risk.
The agency, along with the FBI, National Security Agency and international partners, also publishes advisories with indicators and recommended mitigation measures when it sees active campaigns.
However, most critical infrastructure is owned by private companies. This has forced federal defenders to depend on partnerships for tasks such as supporting coordinated public-private planning and sharing information on major cyber risks.
The US Congress has also called on the private sector to report security incidents more quickly so that information can be shared. The Critical Infrastructure Cyber Incident Reporting Act of 2022 establishes reporting timelines that include reporting cyber incidents within 72 hours and ransomware payments within 24 hours of payment.
Key points
- Cyber attacks represent a new form of warfare that targets critical infrastructure without traditional military tactics.
- The importance of public-private partnerships in cybersecurity is paramount to protecting sensitive data and operations.
- Organizations need to improve their cybersecurity measures, especially during periods of heightened geopolitical tension.