News brief: Risk of Iran-backed cyberattacks rising in U.S.
Check out the latest security news from the Informa TechTarget team.
Geopolitical cyber-risk is of growing relevance for enterprise CISOs, with escalating conflict in the Middle East posing an immediate threat to many U.S. organizations.
Risk experts from Fitch Ratings and Moody's Ratings warned this week that the risk of retaliatory cyberattacks on U.S. critical infrastructure, local governments and major corporations is rising. Successful attacks by Iranian state-sponsored, hacktivist and lone-wolf cyberthreat actors could disrupt essential services and shake financial markets, they added.
Cyber-risk analytics firm CyberCube identified 119 U.S. companies at high risk of being targeted -- 12% of large firms across the banking, financial, energy and utilities, oil and gas, healthcare, telecommunications and public sectors. The analysis was based on the following factors:
- Deployment of three or more technologies, such as connected industrial devices, that Iran-affiliated threat actors frequently target.
- Observable security weaknesses, such as weak passwords and poorly secured networks, that correspond to Iran's established pre-breach and post-breach activities.
Enterprise CISOs should pay attention to the convergence of geopolitical instability and advanced cyberthreats and monitor its implications for enterprise risk and cyber resilience.
This week's featured stories highlight developments in the Middle Eastern conflict that cybersecurity leaders need to know about.
'New blueprint' for modern conflict: Iran integrates cyber intrusions and physical warfare
Iran is combining cyber intrusions with kinetic operations into a unified military doctrine. According to Check Point Research, Iranian threat actors are exploiting vulnerabilities in IP cameras and using the compromised devices to plan, support and assess missile strikes.
These activities, targeting regions like Israel, Qatar and the UAE, align with Iran's broader retaliation strategy, which includes industrial control system intrusions, logistics sabotage and DDoS attacks.
Experts warn Iran's integrated approach -- using low-cost cyber operations to amplify physical attacks -- represents a new blueprint for modern conflict.
Medtech firm investigates cyber intrusion disrupting global operations
Stryker, a major medtech firm, is addressing a cyber intrusion that caused widespread outages across its Microsoft-based systems. The company activated its cybersecurity response plan and engaged external advisors to assess the impact, which remains unclear.
While Stryker does not believe ransomware or malware were involved, an Iran-linked threat actor, Handala, claimed responsibility. The attack reportedly wiped remote devices, including laptops and cellphones, and forced employees to disconnect from networks.
Stryker is working to restore systems, including its electronic ordering platform, while ensuring product safety and operational continuity. The incident highlights escalating risks to critical healthcare infrastructure.
Read the full article by Ricky Zipp and David Jones on Cybersecurity Dive.
Middle East conflict reveals cloud infrastructure vulnerabilities
Recent military strikes in the Middle East have exposed significant weaknesses in cloud resilience. Physical attacks on AWS data centers in the UAE and Bahrain disrupted operations, causing structural and water damage as well as power outages.
Experts warn that cloud infrastructure, critical to military and civilian operations, is increasingly a strategic target in modern warfare. Real-time processing and ultra-low-latency workloads in sectors such as finance, healthcare and defense are particularly vulnerable.
The incidents underscore the need for organizations to rethink disaster recovery and data governance strategies, as geopolitical risks challenge assumptions about cloud availability and resilience.
Iranian state-linked threat groups target U.S. and Canadian networks
Seedworm, an advanced persistent threat group tied to Iran's Ministry of Intelligence and Security, targeted U.S. and allied networks in the lead-up to the recent bombing campaign against Iranian assets. Researchers identified backdoors, including the newly discovered Dindoor, on networks of U.S. companies, a Canadian nonprofit and a U.S. airport.
Intrusions began in early February, with data exfiltration attempts using Wasabi, a cloud storage service, and RClone, a command-line program that manages files across cloud storage environments. Pro-Iran hacktivists have also claimed attacks on U.S. municipal systems. According to Flashpoint researchers, the financial sector has also been warned of potential DDoS attacks reminiscent of Operation Ababil.
These activities underscore heightened third-party risk and vulnerability exposure amid the ongoing conflict.
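The exfiltration pattern described above, a file-sync tool such as RClone pushing data to a commercial cloud storage service like Wasabi, is one a defender can look for in endpoint process-creation telemetry. The following Python detection sketch is an added example and is not code from the article, from Symantec, Flashpoint or any vendor it cites. The log lines, hostnames, users and paths are constructed for the example; the heuristics (the rclone binary name, its copy/sync/move verbs, its `remote:path` destination syntax and a few of its well-known flags, plus Wasabi's S3 endpoint domain) are assumptions a team would tune against its own baseline of legitimate backup jobs.

```python
import re

# Constructed sample process-creation events, one per line, in a simplified format:
# "<timestamp> host=<name> user=<name> image=<path> cmdline=<quoted command line>"
SAMPLE_EVENTS = [
    '2026-02-05T02:14:07Z host=fs01 user=svc_backup image=C:\\Tools\\rclone.exe '
    'cmdline="rclone.exe copy D:\\Finance remote:corp-backup --s3-endpoint s3.wasabisys.com"',
    # Same tool renamed to blend in, running from a user temp directory
    '2026-02-05T02:15:33Z host=ws042 user=jdoe image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\svchost.exe '
    'cmdline="svchost.exe sync C:\\Users\\jdoe\\Documents wasabi:staging --transfers 32"',
    '2026-02-05T08:01:10Z host=ws042 user=jdoe image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE '
    'cmdline="WINWORD.EXE /n"',
    '2026-02-05T09:30:45Z host=ws017 user=asmith image=C:\\Tools\\rclone.exe '
    'cmdline="rclone.exe lsd gdrive:"',
]

KNOWN_EXFIL_ENDPOINTS = ("wasabisys.com",)  # Wasabi's public S3 endpoint domain
TRANSFER_VERBS = ("copy", "sync", "move", "copyto", "moveto")  # rclone verbs that move data
RCLONE_FLAGS = ("--transfers", "--s3-endpoint", "--config", "--bwlimit")  # rclone-specific flags

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) image=(?P<image>.*?) cmdline="(?P<cmdline>.*)"$'
)
# "<verb> <source> <remote>:<path>"; remotes of 2+ chars so Windows drive letters (D:\...) are excluded
REMOTE_TARGET_RE = re.compile(
    r'(?:^|\s)(?:' + '|'.join(TRANSFER_VERBS) + r')\s+(?:"[^"]*"|\S+)\s+(?P<remote>[A-Za-z0-9_-]{2,}:\S*)'
)


def parse_event(line):
    """Parse one constructed event line into a dict, or return None if malformed."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def assess_event(event):
    """Return a finding dict for rclone-like activity in one event, or None if nothing matched."""
    cmd = event["cmdline"]
    tokens = cmd.split()
    image_name = re.split(r"[\\/]", event["image"])[-1].lower()
    reasons = []

    is_rclone_image = image_name in ("rclone.exe", "rclone")
    if is_rclone_image:
        reasons.append("rclone binary")

    target = REMOTE_TARGET_RE.search(cmd)
    if target:
        reasons.append(f"transfer to remote {target.group('remote')}")

    for flag in RCLONE_FLAGS:
        # Accept both "--flag value" and "--flag=value" forms
        if any(tok.split("=", 1)[0] == flag for tok in tokens):
            reasons.append(f"rclone flag {flag}")

    if any(domain in cmd.lower() for domain in KNOWN_EXFIL_ENDPOINTS) or re.search(r"\bwasabi", cmd, re.I):
        reasons.append("references Wasabi storage")

    if not reasons:
        return None
    if not is_rclone_image:
        # rclone syntax under another image name suggests a renamed copy of the tool
        reasons.append(f"rclone-style arguments under unexpected image name {image_name}")

    severity = "high" if target else "medium"
    return {"ts": event["ts"], "host": event["host"], "user": event["user"],
            "severity": severity, "reasons": reasons}


def scan_events(lines):
    """Run the heuristic over a list of event lines and return the findings in order."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        finding = assess_event(event)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['ts']} {f['host']} {f['user']}: " + "; ".join(f["reasons"]))
```

Against the constructed events this flags the backup-named account copying a finance share to a Wasabi-backed remote, the renamed binary syncing a user's documents from a temp directory, and the plain rclone listing as a lower-severity lead; the Word launch produces nothing. In a real deployment the same logic would run over Sysmon Event ID 1 or EDR process events, with the high-severity path tied to a legitimate-backup allowlist so that scheduled rclone jobs do not page the on-call engineer.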
Read the full article by David Jones on Cybersecurity Dive.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget Security.