No missiles or drones: Iran’s invisible army is targeting US critical infrastructure — Explained

The recent cyberattacks have made it clear that wars are no longer fought only in the skies, seas or on the ground. Conflict has taken a digital turn, where threats are invisible and unpredictable.

Swastika Das Sharma
Updated 3 Apr 2026, 01:41 PM IST

The US-Iran war has taken a rather unusual turn — a surge of cyberattacks targeting companies far from the battleground. On 11 March, a cyberattack on Portage, Michigan-based medical device maker Stryker disrupted its operations. Days later, a pro-Iranian group calling itself Handala claimed responsibility, saying it was in retaliation for the attacks on Iran.

The attacks on Stryker affected the company's internal Microsoft software systems, disrupting order processing, manufacturing and shipping.

Handala also claimed to have hacked the email account linked to FBI Director Kash Patel and leaked private information, including personal videos.

According to an article on The Conversation, carried by PTI, many state-linked cyberattacks are not designed to create immediate, visible chaos; rather, they are intended to build leverage.

The recent cyberattacks have made it clear that wars are no longer fought only in the skies, seas and on the ground. They have taken a digital turn, where threats are invisible and unpredictable.

How state-backed cyber attacks usually work

Most state-linked cyber attacks, including the ones launched by the US, follow a common sequence, says William Akoto, Assistant Professor of Global Security at American University School of International Service, who authored the article on The Conversation.

The first step is for the attackers to gain initial access. This can be done through methods such as phishing, exploiting known vulnerabilities or abusing weak remote access.

Once the attacker is inside the system, they try to locate the valuable data and sensitive systems. Often using administrative tools to blend in with the system, these hackers then seek higher privileges and move laterally.

This stealthy manoeuvring can make it hard for defenders to identify the actual hacker and separate them from an administrator, especially when the intruder is deliberately trying to make their actions look like ordinary activity.

The next step is establishing persistence so the hacker can keep access to the system for an extended period. If the goal is leverage, the attackers want to survive the cleanup efforts that defenders mount once they discover the intrusion.

Finally, the attacker can choose what effect they want the cyberattack to have. In Stryker's case, its critical operations were halted. However, sometimes the goal is data theft rather than causing downtime. This was seen in the cyberattack that leaked FBI Director Kash Patel's private information.

What is the solution?

The US is growing its defence ecosystem, but the task is more complicated than it looks.

The Cybersecurity and Infrastructure Security Agency encourages organisations to heighten their cybersecurity vigilance during periods of elevated geopolitical risk.

The agency, along with the FBI, the National Security Agency, and international partners, also publishes advisories with indicators and recommended mitigations when it sees active campaigns.

However, most critical infrastructure is owned by private companies. This has prompted the federal defence department to rely on partnerships to undertake tasks such as supporting coordinated public-private planning and information sharing on major cyber risks.

The US Congress has also called on the private sector to report security incidents more quickly so that information can be shared.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 sets reporting timelines that include reporting cyber incidents within 72 hours and ransomware payments within 24 hours after payment.

Key Takeaways
  • Cyberattacks represent a new form of warfare, targeting critical infrastructure without traditional military tactics.
  • The importance of public-private partnerships in cybersecurity is paramount for protecting sensitive data and operations.
  • Organizations must enhance their cybersecurity measures, particularly during periods of heightened geopolitical tensions.
