A new report released by the cybersecurity firm, Mandiant, a FireEye Company, concluded that the cybersecurity threat landscape is expanding at a rapid clip globally. This year’s report also highlighted the continuing emergence of Iranian-based attacks that are increasingly becoming more targeted.
In Mandiant’s annual M-Trends: Beyond the Breach assessment of cybersecurity trends, the company noted, “One conclusion is inescapable: the list of potential targets has increased, and the playing field has grown.”
“Cyber threat actors are expanding the uses of computer network exploitation to fulfill an array of objectives, from the economic to the political,” the report said. “Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction, and influence global decision makers.”
On the global actor front, Mandiant researchers pointed to an increase in activity from the Middle East and Iran specifically. In fact, “Iran-based threat actors have also grown more active over the past year,” the researchers said.
“Although Iran has long been considered a second-tier actor behind China and Russia,” the report said, “recent speculation has focused on Iran’s interest in perpetrating offensive network attacks against critical infrastructure targets.”
Suspected Iran-based cybersecurity penetrations that involved Mandiant clients have become more focused and industry specific.
“The majority of these incidents targeted the energy sector, although we have also seen these threat actors target the networks of several US state government agencies,” Mandiant said.
The firm’s researchers offer a caveat on Iranian capabilities, stating, “Mandiant’s observations of suspected Iranian actors have not provided any indication that they possess the range of tools or capabilities that are hallmarks of a capable, full-scope cyber actor.”
While Iranian-based attackers have relied heavily on publicly available tools to exploit known Web-vulnerabilities, this may indicate a constraining limitation in possible capabilities. Even so, researchers do not discount that the underlying intentions of Iranian-based attackers may well serve as an impetus to expanding capabilities and increasing the technical proficiency needed to evolve into a more persistent threat.
“Although the suspected Iran-based threat actors that Mandiant has observed appear to be less sophisticated than other threat actors,” the firm said, “they pose an ever increasing threat due to Iran’s historical hostility towards US business and government interests. The outcome of diplomatic negotiations between Iran and Western powers over their nuclear program could play an important role in Iran-based threat actors’ ultimate impact.”
Mandiant’s research report on cyber trends made it clear that the issue of cybersecurity will remain at the forefront and will persist as a issue of great concern for both the public and private sectors.
As organizations increasingly come to realize the importance of cybersecurity and take steps to mitigate weaknesses, it will likely force cyber attackers to shift tactics and improve technical capabilities across the spectrum.
As the threat landscape broadens, the challenges for cybersecurity becomes increasingly difficult and impactful for both economic and national security concerns, especially as attackers, whether state-sponsored or criminal enterprises, identify more targets, expand their operational scope and hone their cyber exploitation and penetration capabilities.