Iran has promised retaliation following the U.S. killing of its top commander, and one form that could take is cyberattacks. Iran has a track record of cyberattacks against banks, oil companies, and even casinos.
And one way into these corporate networks is through individual employees.
Iranian hackers exploit social networks like LinkedIn, pretending to be recruiters who lure people into opening email attachments, explained John Hultquist, director of intelligence analysis at cyber security firm FireEye.
“Eventually you’ll be getting fake job information that’s actually malware or a virus that will give them a foot hold in the company’s network,” he said.
Once inside, Iranians could delete corporate data, as they’ve done to the Saudi oil company Aramco. Or shut down websites, as they did to American banks. Or expose personal private data. Or take over the power grid.
David Edelman, who teaches cyber policy at MIT, said companies right now have to warn their workers, not just IT departments, about social media risks.
“You can’t just delegate it back to the nerds. This is going to be something that every company that thinks it might be at risk is going to have to engage with every employee,” he said.
Iran is not considered the most sophisticated cyber actor, but Edelman said it has attacked and been the target of attacks, so it has “an unusual amount of experience” with hacking.
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.