2019 security threats? Expect Iranian 'kittens' to follow the money

The resumption of sanctions against Iran means the US financial sector faces renewed threats.
Written by Andrada Fiscutean, Contributor

Watch out for Iranian hackers next year, says CrowdStrike CTO Dmitri Alperovitch.

Iranian attackers may well be targeting banks and crypto-exchanges in 2019 in response to the sanctions the US has recently reinstated, according to the security company's founder.

"It's highly likely that Iran will resume its destructive attacks against the US financial sector," Alperovitch told ZDNet at this week's inauguration of the company's office in Bucharest, Romania.

Iran-based hacking groups, which CrowdStrike calls 'kittens' after the famous Persian cat, have recently been engaged in persistent waves of attacks against Saudi Arabia. And the US might be next, said Alperovitch.

Other companies such as FireEye, Recorded Future, and Accenture also predicted or noticed an increase in activity and capabilities of Iranian hackers following the US sanctions.

"We had a wave of denial-of-service attacks back in the 2012 and 2013 timeframe from Iran against the US financial sector in response to the sanctions that were in place back then," said Alperovitch.

"Now that [the sanctions] have been reconstituted, we may very well see Iran going back to those tactics."

In May, US president Donald Trump decided to withdraw from the 2015 nuclear deal. And the sanctions lifted by the Obama administration were reimposed in two waves.

First, in August, the restrictions targeted the aviation industry, the purchase of US currency, and gold trading. Then, in November, the second round of sanctions was aimed at oil exports.

Iranian president Hassan Rouhani said last week that, "America's withdrawal from the [nuclear deal] is undoubtedly a clear example of economic terrorism".


In addition to Iranian state-sponsored hackers, NATO member countries should also pay attention to North Korea, Russia, and China in the coming year, Alperovitch said.

"[North Korea] is the most innovative cyberthreat actor out there. It is not as good as Russia or China, but frankly anyone that can build nuclear weapons and missiles shouldn't be underestimated."

Alperovitch said governments shouldn't shy away from attributing cyberattacks, and that the US could take the lead. "Governments have sources that private companies can never have, and they can actually inflict punishment."

In his opinion, cybersecurity providers should also say who is behind an attack, as their customers are interested in knowing how geopolitical events may affect the nature of the cyberthreats they face.

As for government-imposed backdoors, a debate that is likely to continue in 2019, Alperovitch thinks they are a "really bad" idea.

"Once you introduce a backdoor, not only your law enforcement can have access to it, but others can figure this out, too," he said. "We are completely opposed to backdoors and any weakening of security technologies."

Alperovitch was in Romania on Tuesday evening for a ribbon-cutting ceremony that marked the official opening of CrowdStrike's office.

Abigail Rupp, the deputy chief of Mission at the US Embassy in Bucharest, and Alexandru Petrescu of the Romanian ministry of Communication and Information Technology, joined the event.

CrowdStrike currently employs over 30 people in Romania, a country on NATO's Eastern European border, but plans to hire 30 more in 2019.

The local team is built around security engineers Daniel Radu and Horea Coroiu, who sold their startup to CrowdStrike in June 2016.

"They bought us after only six months of activity. The startup was some kind of Google for the security industry," Coroiu told ZDNet.

CrowdStrike is also considering opening a second office in Romania, in Cluj-Napoca, next year.


Dmitri Alperovitch, center, at the ribbon-cutting ceremony marking this week's official opening of CrowdStrike's office in Bucharest.

Image: Mircea Maieru/CrowdStrike
