By Bruce Sussman
Fri | Jan 3, 2020 | 11:54 AM PST

After the U.S. killed Iran's second most powerful leader, trending hashtags on Twitter included things like "#WWIII," "WorldWarThree," and "Giant Bomb."

Could #IranCyberRevenge be next? 

One expert we spoke with says, in general, Iran believes cyber is its most advantageous weapon against the United States.

What are Iran's cyber capabilities?

At a recent SecureWorld cybersecurity conference, we interviewed CNN Military Analyst Col. Cedric Leighton (USAF, ret.) about Iran's cyberattack powers. 

It was a topic he unpacked during his conference keynote:

"So Iran's story is very interesting because they developed a cyber army that is associated with the Iranian Revolutionary Guard Corps. So the IRGC is a paramilitary organization. There are special forces troops that are part of this and they have a cyber arm.

The Iranian leadership has boasted about having this capability. And they see it as an asymmetric advantage. They understand that the United States would be a big threat to them in a normal kinetic war, but they realize that there's a degree of vulnerability that they otherwise wouldn't be able to exploit if they didn't have that cyber capability," says Leighton.

Leighton says most of the time Iran launches regional cyberattacks, but the country has attacked U.S. companies before. 

"In the past, they've mounted distributed denial of service (DDoS) attacks against U.S. banks like PNC, Bank of America, JP Morgan, and they continue to have the capability to do that. So if tensions continue to increase with Iran, we can expect more cyber events to originate from Iran and from the IRGC cyber army."

Tensions have increased.

Surge in cyberattacks likely for Iran and United States

Regardless of what Iran and its cyber army decide to do, hackers around the world are likely choosing sides and launching cyberattacks out of spite against the country (Iran or the U.S.) they disagree with in this situation.

We learned about this from cybersecurity data scientist Kenneth Geers after his presentation at a SecureWorld conference. He spent more than 20 years as an intelligence analyst for the NSA, NCIS, and NATO.

"One of the first things to know, for your enterprise, if there is something happening in your city or state, or an election or military tension between your country and another, there will be malware that is on the rise, I can promise you that, within your space."

Geers says the malware is a reflection of human affairs. He knows this from studying peaks that appear in cyberattack data.

"I usually drop malware detections for countries on timelines and just look at where the spikes are. Was there something like an election or political violence? And there usually is.

In the case of North Korea, I dropped it on a timeline and then there was one huge spike in the middle of the year and literally, it was the day after Donald Trump was at the UN threatening to destroy North Korea.

Then I dug deeper and looked at the most serious types of malware on that map and I put them all together, and one of the things I found is that the single highest day for malware detection in North Korea was the very day that Donald Trump was in South Korea. Those are not coincidences."

They are, however, good reminders of what every organization should prepare for.

Thomas Hatch, CTO and Co-Founder of IT automation firm SaltStack, explains that right now we're talking about Iran, but next time it could be somebody else:

"While this situation certainly raises the threat of retaliation, it is critical to remember that international politics are extremely complicated. The threat of nation-states retaliating via cyberattacks is always present, regardless of U.S. action. Corporations need to develop and maintain a constant defensive stance because we never know what tomorrow will bring on the world stage."

All we know for now is that the difference between cyber war and physical war is fading.
