Iran’s very simplistic cyberattack makes them look pretty bad - cybersec experts

An Iranian cyberattack on Monday evening was likely an attempt to harm the government’s reputation but was undermined by its simplicity.

 THE WORLD of cyberattacks has changed in the last year.  (photo credit: Adi Goldstein/Unsplash)
THE WORLD of cyberattacks has changed in the last year.
(photo credit: Adi Goldstein/Unsplash)

Cybersecurity experts have weighed in on the Iran-attributed cyberattack that temporarily crippled government websites last Monday night. The Islamic Revolutionary Guard Corps claimed responsibility for the attack, which was said to be in retaliation for the death of two Iranian officers in Syria following a presumed Israeli airstrike.

Cybersecurity experts in the hi-tech industry were not impressed with the efficacy of the attack, but they said it could be a forerunner of future harmful strikes.

The distributed denial-of-service (DDoS) attack, which is a simple-to-execute cyberattack primarily designed to overload the target website’s capacity, rendering it inaccessible for a period of time. These kinds of attacks do not cause long-standing damage, and shortly following the onset of the IRGC’s attack on Monday, government sites returned to operational order.

“This type of attack is not considered complicated, and the damage it causes is considered minimal and has nothing to do with harming privacy or information,” said Lior Chen, director of cybersecurity at cybersecurity company Varonis. “The only thing an attack like this can achieve is the prevention of service [which ceased to work during the attack]. If it’s a critical service, it’s already becoming a significant attack.”

In most cases, DDoS attackers are trying to achieve a few specific goals, namely “reputational damage or deterrence by supposedly having the ability to, whenever he wants, bring down a site or service for a certain time,” he said.

 POSTERS DEPICT the Hezbollah, Syrian and Iranian leaders near the Lebanese-Syrian border. How can we ignore that Russia allows attacks against targets of Iran and its proxies in Syria? (credit: AZIZ TAHER/REUTERS) POSTERS DEPICT the Hezbollah, Syrian and Iranian leaders near the Lebanese-Syrian border. How can we ignore that Russia allows attacks against targets of Iran and its proxies in Syria? (credit: AZIZ TAHER/REUTERS)

IDF Col. (res.) Shmulik Yehezkel, chief critical cyber operations officer at CYE, said: “The goal of this attack was to create fear, confusion and a lack of trust in Israeli citizens with respect to their governmental service sites.”

The IRGC may have intended to harm the Israeli government’s reputation through this attack, but resorting to the use of such simplistic cyber warfare may have done the opposite, according to Menny Barzilay, a partner at Cytactic and CTO of the Cyber Research Center at Tel Aviv University.

“It is not very clear why the IRGC would conduct such an attack,” he said. “It does not improve their reputation as sophisticated cyber-threat actors. If anything, it harms it. The DDoS attack, which was very low in scale and which only affected a small number of websites, isn’t something to be proud of.”

“Yet, it does act as a reminder that the Israeli-Iranian cyber front is in a constant state of conflict, and an attack could occur anytime and anywhere,” Barzilay said, adding that Israel’s geographical distance from Iran may force any aggression to take place digitally.

“In the physical world, we have no common border, but in cyberspace, borders do not exist,” he said. “The Iranians understand that, as they are constantly improving their offensive cyber capabilities. We should all expect that Iranian attacks against Israeli targets will only increase both in frequency and sophistication.”

Around the time of the attack, a series of Persian tweets were posted on a Twitter page supposedly affiliated with the IRGC, saying that “the Zionist regime will never forget tonight,” with the hashtag, “this is just the beginning.”