Next Investors logo grey

Will Iran unleash a Cybersecurity tsunami on the US?

|

Published 08-JAN-2020 09:56 A.M.

|

7 minute read

Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.

In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.

The below articles were written under our previous business model. We have kept these articles online here for your reference.

Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.


Click Here to View Latest Articles

In October 2013, Sheldon Adelson, the casino magnate and prominent supporter of conservative politicians, appeared on a panel in New York in which he suggested that the US could send a message to Iran, regarding its nuclear ambitions, by detonating an American warhead in the middle of the Iranian desert.

Bloomberg reports Adelson as saying, “You want to be wiped out? Go ahead and take a tough position.”

Not surprisingly, Adelson went on to become a major supporter of President Donald Trump.

The critical implications regarding this past war of words came only months after Iran’s Supreme Leader Ayatollah Ali Khamenei said America should ‘slap these prating people in the mouth’.

In February 2014, hackers inserted malware into the computer networks of Adelson’s Sands Casino in Las Vegas.

The withering cyber-attack laid waste to approximately three quarters of the company’s Las Vegas servers, and the cost of recovering data and building new systems was reported to be US$40 million or more.

A year after the attack, a top US intelligence official confirmed that Iran was behind it.

Today, the US is again awaiting retribution from Iran, following a recent airstrike that killed Iran’s top general, Qassem Soleimani.

Iran strikes back

History will note that Qassem Suleimani was killed in Baghdad on 3 January, 2020.

Just hours later, a US government-operated website was hacked by a group claiming to be acting in retaliation for the killing of Suleimani.

There is no evidence as yet that this was an Iranian sanctioned attacked.

A spokesperson for the Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said the website was taken offline soon after the image appeared.

"We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors.”

skynews-iran-hackers-donald-trump_4883287.jpg

Whilst not a cyberattack, Iran has today officially retaliated, launching a series of rocket attacks that were fired at an Iraqi base hosting American soldiers.

“The fierce revenge by the Revolutionary Guards has begun,” Iran’s Islamic Revolutionary Guard Corps said on a Telegram channel.

“We are warning all American allies, who gave their bases to its terrorist army, that any territory that is the starting point of aggressive acts against Iran will be targeted.

“This time we will respond to you in America.”

Key infrastructure could be target of cyber attack

In this day and age Iran doesn’t need boots on the ground to seek vengeance.

Disturbingly, the Sands incident in 2014 wasn’t isolated, and Iranian hackers have continued to infiltrate presidential campaigns, universities, journalists and infrastructure.

Regards the latter, Bloomberg reported that a dam in suburban New York was a target.

Former chief technological officer of the FBI’s cyber division, Milan Patel said, “Power generation like hydro and electric, that’s where they can cause the most real world damage.”

Forbes journalist Zak Doffman believes “Iran is a credible cyber player but its decision now is whether to unleash its most potent cyber weapons on tier-one U.S. targets—critical infrastructure, government sites, military targets—risking a catastrophic response from the much more capable U.S. cyber arsenal.

“Just as in the physical domain, there will be significant debate in Teheran as to just how far to push as this point. Despite the rhetoric and the unfurling of a highly symbolic red flag of vengeance over the Jamkaran Mosque, the strategists will be taking a more cautious approach.”

This would be to avoid a more devastating response, but the threat is as real as it can be.

Iran isn’t a lone wolf.

It is also worth noting that cyberattacks have come from other sources that could be more strategically damaging.

Bloomberg quoted FBI Director Christopher Wray as saying that China had allegedly stolen so much intellectual property from US companies, including by hacking, that it was akin to stealing their way up the economic ladder.

Mid last year, USA Today reported that Russian cyberattacks were an enormous threat to the US and Reuters reported that North Korea has generated an estimated $2 billion for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges.

With digital warfare now looming as one of the best options to strike directly at the American population, cybersecurity will be an increasingly critical focus in 2020 and beyond.

Innovative Cyber Risk Focused companies like WhiteHawk are positioned to provide next generation cyber risk monitoring and mitigation services to companies and organisations of all sizes.

WhiteHawk Limited (ASX:WHK) recently developed an advanced outside-in Cyber Risk Program, partnering with best of breed SaaS platform partners, that can be initiated within 48 hours anywhere in the world, including continuous cyber risk monitoring, prioritization, red team validation, dark net assessment and mitigation solution options, starting at $10K US a year.

It was only in November last year that the company announced the extension and expansion of a contract to provide its Cyber Risk Radar to a top 12 US defence industrial base company for supply chain risk management.

This company’s relationship with WhiteHawk extends back to 2018, and it was further strengthened in mid-2019, having negotiated a contract involving the implementation of a comprehensive 360 cyber risk framework, including an online Software as a Service (SaaS) subscription, augmented by consulting services.

Under the terms of the agreement, WhiteHawk provided quarterly Cyber Risk Scorecards for 30 additional suppliers and Risk Portfolio Reports for the top 5 suppliers.

These reports provided additional insights based on WhiteHawk Cyber Analysts performing cyber intelligence analytics on the raw data collected from the security rating providers.

Commenting on the significance of this development and the increasing relevance of cyber security, Terry Roberts, executive chair of WhiteHawk said, “Automating Cyber Risk Discovery, alerting, prioritisation and mitigation across major federal contractors should be everyone’s priority today, thereby building in resilience across the defence industry in real-time.

‘’With each implementation we are gaining important ground, demonstrating our unique and scalable approach to future government and industry customers.”

WhiteHawk provides automation across thousands of defence contractors

Step forward to 2020, and Roberts is now highlighting WhiteHawk’s ability to showcase how new Department of Defence supply chain cyber risk objectives, guidelines and certifications can be automated across thousands of defence contractors and suppliers.

The aforementioned contract negotiated with a top 12 defence industrial base company which occurred in November underlines the group’s progress in the cyber security arena.

Under the terms of the contract, WhiteHawk will provide quarterly data allowing the customer to establish a Cyber Risk Rating baseline for key supplier companies in support of federal contracts by means of continuous monitoring, alerts, prioritisation and actionable mitigation recommendations.

This approach will provide the customer with actionable intelligence, clear visibility and transparency into the cyber health and status of its suppliers in advance of tightening government benchmarks and requirements.

With WhiteHawk’s expanded cybersecurity offering, the client will also receive quarterly WhiteHawk Cyber Risk Scorecards for 150 critical suppliers and Risk Portfolio Reports across the entire population of suppliers.

These non-technical reports will provide focused and actionable risk insights based upon automated WhiteHawk Cyber Analytics and Cyber Analyst prioritisation of cyber intelligence risk indicators, across raw data collected from the WhiteHawk team of security rating providers.

These company developed quarterly reports summarise key findings and make prioritised recommendations for each supplier to act upon in order to measurably advance their cyber maturity.

In discussing this contract, Roberts highlighted that it has resulted from the strong progress the company has made in the last 12 months in expanding its integration and prioritisation of commercial cyber risk monitoring and mitigation across 150 US Department of Defence cyber organisations and professionals.



General Information Only

S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.

Conflicts of Interest Notice

S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.

Publication Notice and Disclaimer

The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.

Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.

This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.