Iran poses a very real cybersecurity threat to Saudi Arabia and other Gulf countries and could target key industries such as telecoms, oil, and gas, experts explained.
Saudi Arabia’s oil giant Aramco was hacked in 2012 in one of the world’s biggest cyberattacks to date. A group called Cutting Sword of Justice claimed responsibility for the attack which damaged around 30,000 computers with the aim of stopping oil and gas production.
It was never revealed where the group was from but some ten years on from the attack, the Kingdom and other countries in the region still face major cyber threats particularly from Iran which could have crippling effects.
“They’re [Iran] viewed on the world stage as a top tier critical threat,” said Bruce Schneier, security expert and fellow at the Berkman-Klein Center for Internet and Society at Harvard University. “I would take them very seriously.”
Dubai-based US company CrowdStrike is currently tracking 20 groups in Iran who could target the region for potential cyberespionage or attacks.
“The Gulf is not the only target, but it’s one of the primary ones,” Roland Daccache, systems engineering manager at the company said.
“Over the last ten years since the Aramco incident it’s been deemed that the Iranians have very good cyber capabilities.”
Out of the 20 groups that the company is tracking, around half of them are independent groups looking to extort institutions or companies for monetary gain, while the other half are state sponsored groups “focused on cyber espionage and cyber operations of a destructive nature,” Daccache explained.
Daccache said over the last four or five years in the GCC region that companies and institutions have probably seen “a tenfold increase in the number of ransomware, as well as e-crime activities.”
“It has become clear that cyber threats are only going to intensify in the near future,” he said.
Daccache explained that cyberattacks from Iran toward Saudi Arabia and other Gulf countries in a worst-case scenario could target telecommunications industries, phone networks, power supplies and electricity networks. He added that the destruction of supply chains, or attacks on oil and gas industries are always a possible target for cyberattacks.
“In a worst-case scenario, [targets] would be critical infrastructure, such as preventing the delivery of critical services to populations, whether this is electricity, energy [or] water,” said James Shires, assistant professor at the Institute of Security and Global Affairs at the University of Leiden.
“Another would be a malfunction of safety protections in industrial control systems,” said Shires, explaining that this could be tampering with systems that indicate safe levels of chemicals in factories.
“We have seen attempts by Iranian cyber threat actors to compromise water infrastructure in Israel a couple of years ago, so this is something that is on their radar,” he added.