Iran has promised retaliation following the U.S. killing of its top commander, and one form that could take is cyberattacks. Iran has a track record of cyberattacks against banks, oil companies, and even casinos.
And one way into these corporate networks is through individual employees.
Iranian hackers exploit social networks like LinkedIn, pretending to be recruiters who lure people into opening email attachments, explained John Hultquist, director of intelligence analysis at cyber security firm FireEye.
“Eventually you’ll be getting fake job information that’s actually malware or a virus that will give them a foot hold in the company’s network,” he said.
Once inside, Iranians could delete corporate data, as they’ve done to the Saudi oil company Aramco. Or shut down websites, as they did to American banks. Or expose personal private data. Or take over the power grid.
David Edelman, who teaches cyber policy at MIT, said companies right now have to warn their workers, not just IT departments, about social media risks.
“You can’t just delegate it back to the nerds. This is going to be something that every company that thinks it might be at risk is going to have to engage with every employee,” he said.
Iran is not considered the most sophisticated cyber actor, but Edelman said it has attacked and been the target of attacks, so it has “an unusual amount of experience” with hacking.
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.