MSA Intel


Overview

Since September 19th, five major U.S. banks have been targeted by distributed denial of service (DDoS) attacks, temporarily disabling the banks’ websites. During the attacks, no data was compromised and all transactional systems like ATMs remained operational. Initially, a Hamas-affiliated group called Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the attacks in a post on the web application Pastebin. The group stated that the attacks were in retaliation for the anti-Islamic film “Innocence of Muslims” and that they would continue to target banks until it was removed from the internet. However, researchers are wary of the legitimacy of the group’s claims. Although the group has carried out cyber-attacks in the past, those attacks were significantly less complex. Instead, some U.S. officials suspect that the attacks were launched by Iran and that the cyber-attacks may be a response to the unprecedented economic sanctions imposed by the U.S. and other western nations.

Recently, Iranian assets have been targeted by a barrage of cyber-attacks which the Iranian government attributes to the United States and Israel. Iran has suffered serious cyber assaults on its nuclear, oil and information networks. Iranian officials report that they were able to thwart a cyber-attack targeting the communication network of oil and gas drilling platforms in recent days. The IT head of Iran’s offshore oil company, Mohammad Reza Golshani, is currently blaming Israel for the attack. Israel will not confirm or deny the allegation. An increase in cyber-attacks could indicate an escalation of tensions between the U.S. and Iran and further complicate geopolitical relationships in the Middle East and Southwest Asia.

Technical Assessment

MSA cyber security expert Andrew Donofrio made the following assessment about the scale and severity of the attacks:

It is unclear if the most recent attacks were state-sponsored. Based on the volume of traffic, its geographic disparity, and the sophistication of the attack, experts can draw conclusions as to the likely entities responsible for these attacks. In this particular instance, it could have been political activism or a "dry run" - both of which may speak to a state-sponsored attack.

Physical attacks in combination with cyber-attacks targeting infrastructure such as electric grids and telecommunications can greatly complicate rescue and mitigation efforts, leading to a far more devastating attack. This emphasizes the need for network security personnel to monitor networks and have a plan in place to catch attempted denial of service attacks in order to prevent outages or quickly restore network operations.

Implications

Distributed denial of service attacks are easily executed and effective. Although U.S. banks are typically well protected, the recent cyber-attacks were so powerful that they were able to overwhelm network security. The attack was reportedly 10 to 20 times the volume of an average attack. This indicates that it did not originate from a home computer and is unlikely to have stemmed from an organization such as Izz ad-Din al-Qassam Cyber Fighters. Experts assess that Iran is a far more likely culprit.

Additionally, there has been a significant increase in attacks targeting Iranian nuclear, oil and infrastructure systems. This comes at a time when tension over the country’s nuclear program is at an all-time high. Western sanctions are currently being employed in an effort to cripple Iran’s nuclear weapons development capabilities; however, there is evidence that suggests Israeli and western actors may also be utilizing cyber warfare techniques to slow progress toward an effective Iranian nuclear weapon.

Cyberspace presents a new forum for transnational conflict. Instead of fighting wars with bullets, state actors are utilizing limited-visibility operations such as cyber-attacks. These attacks have the capability to impact critical infrastructure and other systems vital to national security. In coming months, as tensions potentially escalate over the Iranian nuclear program, there is a strong possibility of additional cyber-attacks targeting both Iran and western interests.
