Iran conflict: DDoS uptick
Intel 471’s Ashley Bather suggests organizations have a plan to address DDoS attacks to mitigate potential downtime.
Even one week into a tenuous two-week ceasefire, hacktivist actors are using the US-Israel war with Iran to hit online targets with distributed denial-of-service (DDoS) attacks, according to new reports.
Ashley Bather, senior intelligence analyst at Intel 471, said that while the company has seen Israeli entities targeted by “massive amounts” of attacks, organizations in the Gulf region that do business with the US have also found themselves in the crosshairs.
Intel 471’s blog breaks down how observed incidents have been claimed not only by pro-Iran groups, but also by pro-Russian ones.
DDoS attacks, Bather said, are “a very easy way for threat actors to show quick participation in any kind of form…They don’t have to sit and develop malware, or try to join a group that lets them work with ransomware or join an affiliate program—it’s very simple.”
Geopolitical cybersecurity breakdown. Cybersecurity experts have issued recommendations for professionals to ensure they protect infrastructure and systems during the continued war—and pointed to the uptick in hacktivists and concerns about a coordinated cyber war.
In recent weeks, Iran-affiliated hacktivist group Handala Hack has unleashed destructive attacks against companies and US government officials. Industry leaders have suggested establishing additional controls to prevent credential-based and more sophisticated attacks.
But, it’s just DDoS, right? Bather warned that DDoS attacks can lead to more than just a temporary disruption of services.
“DDoS attacks are mostly just disruptive, which is still something that can impact an organization, I think any downtime has impact both financially and reputational both with clients…users, or employees,” Bather said. “You’re seeing things like temporary outages, but I think sometimes you can see this as maybe an early signal of something more.”
Bather advised organizations to determine not only how a DDoS attack could impact operations, but also how the IT team can mitigate vulnerabilities, whether through baseline traffic monitoring or other techniques. It’s also worth examining the recommendations put forth by CISA for DDoS risk mitigation.
About the author
Caroline Nihill
Caroline Nihill is a reporter for IT Brew who primarily covers cybersecurity and the way that IT teams operate within market trends and challenges.