As the situation with Iran continues, I had a pow-wow with our chief technology officer about hacking.
Our firewall has a security feature called geo IP filtering which blocks cyberattacks by region; I asked him to confirm that Iran and the entire Middle East are blocked for Aegis and the same for all our clients that have these types of firewalls. Check.
This is the kind of due diligence everyone needs as wars are not all fought with drones and missiles.
The United States is currently being pummeled by cyberattacks from the Ayatollah and his cronies. We were also being pummeled before these current events.
Nevertheless, things have escalated.
In Florida, one of the most easily recognized states in our great nation, we are a ripe target.
I remember one of my first trips to Europe as a kid, a young person asked me (after telling him I lived in Florida) if I lived next to Disney World?
Anyway. There is a group known as APT 33, which is an Iranian-backed hacking entity, and their only mission in life is to cause disruption to our tech (along with Israel, Saudi Arabia, England, etc.).
Think about ransomware: you click an email, all your files are frozen, and you have to pay a ransom to get your files back (no, don’t do this; have robust backups to restore from, and don’t deal with hackers or terrorists).
This is bad but what the Iranians are going to be doing is much worse. The Iranians are going to shoot out malicious files via email that erase everything when you click. Period. Nothing to restore. No ransom. Done.
There have been fake emails sent all over the state and nation pretending to originate from the White House about a job opening (only one example); there are hackers looking for open ports in your firewall, and there are other hackers trying to crack your password.
Most large state agencies have their security in a good place, but what about every third party that works with them?
It is a massive front to defend. If you want to start with the official Homeland Security report and advisory from a couple of days ago you can dive in here.
Don’t forget in 2016 the Justice Department indicted seven Iranians for a series of cyberattacks here in the U.S.
They are after ports, energy companies, the government, financial institutions, anywhere they can cause the most disruption. Iran is not our No. 1 cyber-foe, but they are catching up to the Fab 3 (Russia, China and North Korea).
In Miami, local authorities are warning citizens not just about opening emails and other cyber threats, but about anything suspicious in regard to local landmarks and high-profile upcoming events like the Super Bowl.
In Palm Beach, physical security is also top of mind.
The cyberwar with Iran has been going on for a long time. Let’s not forget the joint U.S.-Israel cyberattack on Iran’s nuclear program in 2011 using a virus called Stuxnet.
This virus is believed to have destroyed a fifth of Iran’s centrifuges and — if you believe online chatter — it also was said to blast thrash music for days in these nuclear facilities via computer speakers. (That’s the only thing in this column that is funny, can you imagine?)
On the other side, Iran hammered back in 2014 when they hacked into the Sands Hotel and Casino systems in the U.S., costing an estimated 40 million in damages.
It’s said that Slayer music is used in torture and cyberattacks. I get it.
Who knows what is next? On the actual warfare front, things could get out of hand by the time this goes to press, but will cooler heads prevail (as I think, and hope, they will)?
On the cyberwar front, things have already gotten out of hand, with the first U.S. victim being the Federal Depository Library Program. Last weekend, this small agency’s website was hacked to display a picture of the President’s face getting punched, blaming the hack on Maj. Gen. Qasem Soleimani’s death by drone.
Buckle up, folks — irrespective of where our leaders guide us in this crisis behind closed doors, the cyberwar rages on from Tehran straight to your doorstep if you are not careful.
Tighten up your passwords, close those ports, don’t click those emails, and have a chat with your IT professional to make sure you are covering all the bases.
Make no mistake, we are at cyberwar and have been for a long time.
Blake Dowling is CEO of Aegis Business Technologies.