On 9 May, Levi Gundert, Sanil Chohan, and Greg Lesnewich of Recorded Future provided a detailed assessment of the nature of the cyber threat from Iran, titled Iran’s Hacker Hierarchy Exposed. This report was widely cited in the press and immediately raised the bar for quality in strategic cyber threat intelligence (I saw several other reports from other sources but none held a candle to this one).
You should review the report so you can judge the quality yourself, but here are a few reasons I liked it:
- It was not based on a single source (I hate it when analysts try to assess something based only on what is seen in forensic data). This report was based on multiple relevant sources that went far beyond just technical data. Sources also included interviews with trusted people with unique access.
- The report provided historical context. History does not always predict the future, but it is important context. Previous research by other firms in the ecosystem, as well as the FBI, is also cited.
- It is informed by cultural dynamics best provided by experienced analysts who know their material.
- The report provides actionable warnings with justification for the warnings.
Some of the key insights:
- There have been times when Iran has abandoned caution. We may be in a similar situation now.
- In the past this has resulted in problems controlling the scope and scale of destructive attacks.
- There are over 50 estimated contractors vying for Iranian government offensive cyber projects.
- Targets in the U.S. may include a wide range of organizations, including banks, financial services, government departments, critical infrastructure providers and oil and energy.
That is just a brief summary. I most strongly encourage you to read the entire report at: Iran’s Hacker Hierarchy Exposed.
Now, what do you do about this threat?
You need to understand that no one is coming to save you. You need to take steps to raise your defenses now, at work and at home. There are things you can do to make it much harder for adversaries to have their way with you. Every company is different, but we have a list of best practices in cybersecurity that we most strongly recommend you review. There are almost certainly some low-cost configuration changes you can put in place right now to improve your defenses. Review them at Crucial Point Cybersecurity Best Practices.
And, if you are not on distribution yet, be sure to sign up for our Cyberwar and Cybersecurity Weekly for continued strategic context.