Iranian threat actors pose a major threat to the UK, especially its petrochemical, utilities and finance sectors, a new parliamentary report has warned.
The Intelligence and Security Committee (ISC) report published yesterday comes at a turbulent time geopolitically, following Israeli-US strikes on Iranian nuclear facilities.
Based on evidence collected from experts up to August 2023, it acknowledged that, at the time of writing, the UK was “not a top priority for Iranian offensive cyber activity,” but that “this could change rapidly in response to regional or geopolitical developments.”
It noted: “If Iran decided to conduct an offensive cyber-attack on an adversary such as the UK, the petrochemical, utilities, and finance sectors could be at risk. According to the National Cyber Security Centre (NCSC) it is unlikely that all UK entities are able to detect or defend against Iranian offensive cyber activity.”
Read more on Iranian threats: UK and US Warn of Growing Iranian Spear Phishing Threat
The report claimed that government complacency has previously allowed Russian “pre-positioning” for an attack on UK critical national infrastructure (CNI), and that “it is vital that the same mistakes are not made in relation to Iran.”
Although Iran is not as “sophisticated” a cyber actor as China or Russia, it still poses a “significant” threat to the UK, using simpler techniques to exploit the basic vulnerabilities that many organizations still have, the ISC continued.
It also warned of the threat not only from “state-controlled actors” but also “private cyber actors working for personal gain or perceived state intelligence requirements.”
Raising the Bar
The report concluded with a call for UK organizations to “raise the resilience bar,” citing the work of the NCSC as critical in helping them to do so, and the National Cyber Force (NCF) as a potential offensive cyber actor that could respond to Iranian aggression.
“The UK must raise the cost to Iran of it launching a cyber-attack on the UK, so as to deter it from doing so: public attribution of attacks is a valuable tool (albeit not without risk),” it noted.
Dan Schiappa, president of Technology and Services at Arctic Wolf, said all sectors should be on high alert for Iranian attacks given previous destructive wiper attacks, misinformation campaigns and attacks on CNI.
“We have already seen how supply chain attacks can disrupt some of the largest companies, so even the smallest businesses should take this warning seriously. This includes patching known vulnerabilities, improving network visibility and ensuring threat detection and response capabilities are in place,” he added.
“Reviewing and hardening all externally facing infrastructure to reduce attack surfaces is also critical. These threat groups are ultimately only going to get more advanced as the nation state landscape evolves – and the UK, and wider West, must be prepared.”
Graeme Stewart, head of public sector at Check Point, said the report wouldn’t come as a surprise to those tracking Iranian actors.
“They’re among the most aggressive and unpredictable players in the cyber world; skilled, well-resourced, and increasingly emboldened,” he added.
“In moments of geopolitical tension, they move quickly. Right now, with Iran under pressure and the West in their sights, the conditions are perfect for an escalation in digital aggression.”
