GlobalData’s technology deputy editor Rob Scammell said: “Tensions between Iran and the US have simmered after Tehran admitted it mistakenly shot down a Ukrainian passenger jet, killing all 176 people on board.
“While the rhetoric on both sides has been dialled down, cybersecurity experts warn that any Iranian cyber-response would likely come in the coming weeks and months – not imminently.
“This is in part because Iran, in all likelihood, does not currently have the access to US computer systems that it needs to launch what it deems a commensurate response. When carrying out a cyberattack, hackers often use a process known as ‘lateral movement’ to move around the target’s network, searching for the key data and assets before striking.”
Dave Weinstein, chief security officer for cybersecurity firm Claroty and formerly of US Cyber Command, said: “Given the fact that we didn’t see anything in the immediate aftermath that was cyber-related, tells me that they probably didn’t have the assets that they needed to be able to pull off a proportionate response. So what we’ll see I think in the coming weeks and in the coming months is just more and more operations geared at gaining that access.”
In the immediate aftermath of the deadly airstrike against Soleimani on 3 January, hackers claiming to be “Iran cybersecurity group hackers” defaced a minor US government website with a picture of a bloodied President Donald Trump.
Malcolm Taylor, director of cybersecurity at ITC Secure and formerly of GCHQ, said: “We did not see much more than that, but of course it isn’t that simple. For example, it could be argued that a very strong Iranian cyber response may well have gone unnoticed – and could be in the form of laying down capability for later in case of increased tension with the US.”
This access to US networks would form a “contingency” that could be kept quiet until needed by Iran.