[Security Weekly] Get ready! Time to Brace for Cyberattacks from Iran

3rd Week of January 2020


1. U.S. Government and experts warn of retaliatory cyberattacks from Iran


After U.S. President Donald Trump ordered the assassination of admired Iranian general Qasem Soleimani, the United States is bracing for an increased possibility of cyber warfare launched by Iran. According to a survey of experts conducted by The Cybersecurity 202, companies and individuals can expect serious cyberattacks from Iran over at least next few months. These attacks are said to be more likely to hit the oil and financial industries. On January 11, the Secretary of State’s office issued out warnings to all election officials on the potentials of retaliatory cyberattacks from Iran. Although no attacks were yet identified, state officials warn all governments, industries, and consumers to stay alarmed and extra cautious. 

Increased potential of cyberwarfare between the U.S. and Iran has also brought worries to American allies around the world. Countries like Iraq, Saudi Arabia, Israel, the United Kingdom, and Japan are now also at high risk of being targeted by Iranian hackers.

Source: Washington Post, The Cybersecurity 202, Fox31, Nikkei Asian Review


2. Busy week for Microsoft: Security bugs and the end of Windows 7


According to ZDNet, Microsoft has released a cumulative security update for its Windows operating system on January 14, which included fixes for 49 vulnerabilities, some of them rated as “critical”. Detected by the U.S. National Security Agency (NSA) earlier, one of the critical bugs was a vulnerability in CryptoAPI – the default Windows cryptographic library. This bug allowed hackers to create fake file signatures and launch attacks on encrypted HTTPS communications. Users are advised to download the security update as soon as possible to keep their data safe.

Another big news surrounding Microsoft is the end of support for Windows 7, leaving the operating system extremely vulnerable to cyberattacks and malware. As of Tuesday, Windows 7 has reached an official end, despite an estimated 200 million users still running on the system. Microsoft recommended all users to upgrade to Windows 10 to ensure the safety of their data. Safety risks are especially high for organizations as they hold massive amounts of data. A big challenge for large corporations is that many of them find it hard to keep track of the computers on their network and have no idea if they still have any computers operating on Windows 7 left. Remember, one computer in your network with a Windows 7 system would leave the whole network vulnerable. For companies regulated by the newly introduced CCPA, preventative measures against safety risks are mandatory. In the meantime, paid extended support from Microsoft is still available for a quite expensive price tag. But this shouldn’t be a long-term solution as it is strongly encouraged to upgrade to Windows 10 as soon as possible.

Source: ZDNet

3. Escalated tension over the debate between the U.S. government and tech industry


Back in December, a student from Saudi Arabia who was training at a U.S. naval base in Florida allegedly killed three U.S. military personnel on site while injuring eight others. The student was shot dead immediately by other military officials, leaving information available for investigation.

During the investigation of the case, the FBI did successfully recover the hardware of the iPhone used by the killer, however, it was not able to unlock the phone to check the contents. Despite the Department of Justice publicly requesting Apple to help unlock the killer’s iPhone, Apple has since then “refused” the request, providing only the user’s backed up data from iCloud as well as other transaction data. This isn’t surprising – consistent with previous cases, in order to protect user privacy, Apple leaves no backdoor on their iPhones, making it impossible for third parties to recover the contents on the phone.

Earlier this week, an intense debate between the U.S. government and the tech industry flared up, drawing public attention from around the world. This fierce battle further escalated on Wednesday, where U.S. President Donald Trump joined the fight by attacking Apple on Twitter, calling them to weaken their encryption and create backdoors on their devices that would allow law enforcement to unlock iPhones when needed. Despite pressure from the government, Apple has consistently refused to create any backdoor as an attempt to protect its users’ privacy. Tech experts, including Microsoft CEO Satya Nadella, have all stepped up to defend Apple by claiming that creating a backdoor would mean leaving a security vulnerability open, and it would be a matter of time before hackers figure out how to take advantage of it. According to a New York Times report, Tim Cook is now secretly preparing for a legal fight against the Department of Justice over defending their encryption practices.

Source: BBC, CNET, ComputerWorld