Dubai: Security solutions provider FireEye expects that cyber threats from Iran against the US and its allies, including the Gulf countries, are likely to increase drastically next year due to the sanctions.

With the US exiting the Joint Comprehensive Plan of Action (JCPOA), also known as the ‘Iran nuclear deal’, Mohammad AbuKhater, vice-president for FireEye Middle East and Africa, told Gulf News that Iran would retaliate against the US using cyber threat activity.

“We had noticed that Iran has increased its cyber espionage capabilities and is now operating at a pace and scale with other state-sponsored advanced persistent threat (APT) groups and less capable groups are emerging and supporting the Iranian government goals,” he said.

“We noticed that some Iranian-nexus groups, which attacked the US banking sector by using DDoS [distributed denial-of-service] attacks a few years ago to steal a huge amount of money, are re-emerging again to gain infrastructure access into some organisations in the US and outside,” he said.

He urged organisations and asset operators across all critical infrastructure sectors in the US and its allies to be prepared to defend against Iranian threats to the petrochemical, aerospace, and oil and gas sectors.

“Based on the groups we are tracking, one factor could be hackers getting access into the petrochemical sector to steal data, become more disruptive and destructive on private companies. The second factor could be that ransomware could pick up in the region using Blockchain technology,” he added.

Even though such attacks may not happen in the immediate or near-term, he said that Iranian-nexus hackers will resume probing critical infrastructure networks in preparation for potential operations in the future.

Changing tactics

This year, the US-based company said that the victims of four groups from Iran (APT32, APT33, APT34 and APT35) span every sector and extend well beyond regional conflicts in the Middle East.

He said that Iranian hackers developed and deployed their own malware and that, when they are not carrying out attacks against their targets, they are conducting espionage and stealing data.

Apart from Iran, the nations at the top of the list for state-sponsored attacks are Russia, North Korea and China, he said, adding that these nations are getting smarter and their tactics keep changing.

“Russia will continue to conduct operations via social media and through more covert operations such as hacking and tactically leaking data in ways that may sow discord. We have seen that in the US elections,” he said.

“One focus of such operations will be the Middle East, where Russia has an interest in maintaining the split between Gulf Cooperation Council (GCC) countries, especially Saudi Arabia, the UAE and Qatar, and all regional US allies.”

AbuKhater expects to see many other emerging cyber nations come to the front next year, and the primary reason will be the pressure to keep up with other nations and to develop a cyber programme similar to a traditional military capability.