In the wake of a U.S. drone attack last week that killed Iranian Major General Qasem Soleimani, Iran vowed retaliation. On Tuesday, Iran launched missile strikes against bases in Iraq housing American troops. But cyberattacks could be looming as well. As a result, organizations – especially healthcare entities and units of government that have been particularly vulnerable to ransomware attacks – need to be on guard against destructive “wiper” attacks along the lines of those waged earlier by Iran, says Caleb Barlow, CEO of the security consultancy CynergisTek.
And those attacks could be carried out not just by attackers affiliated with the nation-state, but also by rogue hackers who sympathize with the Iranian government, he says in an in-depth interview with Information Security Media Group.
Wiper malware is malicious code designed to overwrite systems or otherwise leave them unusable and unrecoverable (see: DHS: Conflict With Iran Could Spur ‘Wiper’ Attacks).
Intelligence officials have attributed at least two such major attacks to Iran: a 2012 attack against Saudi Aramco that destroyed 30,000 computers as well as an attack against Las Vegas Sands casino in 2014 after its owner suggested Iran should be hit by a nuclear strike.
Following last week’s killing of the Iranian general, “the intent of any retaliation would be either influence or political,” Barlow says. Iran would want to “generate as much chaos as possible.”
Like a ransomware attack, a wiper attack makes systems and data inaccessible, but “there’s no getting it unlocked,” he explains. “You can’t even restore from back-ups in these scenarios because the malware destroys the boot record of the device.”
In the interview, Barlow discusses:
- Spotting a potential wiper attack before the most damage is inflicted;
- Steps organizations should take to better prepare for and defend against wiper attacks;
- Why most cyber insurance policies don’t cover nation-state attacks.
Barlow has previously worked with companies dealing with Iranian cyberattacks, including wiper attacks. Before joining CynergisTek in 2019 as president and CEO, Barlow led the IBM X-Force Threat Intelligence organization. In 2018, Barlow invented the Cyber Tactical Operations Center, a training, simulation and security operations center on wheels. He also led the integration efforts of multiple IBM acquisitions. Earlier, Barlow held leadership roles at two startups: Syncra Systems, which is now part of Oracle, and Ascendant Technology, which was acquired by Avnet.