Iran has promised retaliation following the U.S. killing of its top commander, and one form that could take is cyberattacks. Iran has a track record of cyberattacks against banks, oil companies, and even casinos.
And one way into these corporate networks is through individual employees.
Iranian hackers exploit social networks like LinkedIn, pretending to be recruiters who lure people into opening email attachments, explained John Hultquist, director of intelligence analysis at cyber security firm FireEye.
“Eventually you’ll be getting fake job information that’s actually malware or a virus that will give them a foot hold in the company’s network,” he said.
Once inside, Iranians could delete corporate data, as they’ve done to the Saudi oil company Aramco. Or shut down websites, as they did to American banks. Or expose personal private data. Or take over the power grid.
David Edelman, who teaches cyber policy at MIT, said companies right now have to warn their workers, not just IT departments, about social media risks.
“You can’t just delegate it back to the nerds. This is going to be something that every company that thinks it might be at risk is going to have to engage with every employee,” he said.
Iran is not considered the most sophisticated cyber actor, but Edelman said it has attacked and been the target of attacks, so it has “an unusual amount of experience” with hacking.