'We are like Swiss cheese': Experts warn US amid rising Iranian-backed cyber attacks

Washington:
Following recent American strikes on Iranian nuclear facilities, US banks, defence contractors, and oil industry companies have become targets of hackers backing Tehran. While these attacks have not yet caused widespread disruptions to critical infrastructure or the economy, analysts and cyber experts warn that the situation could escalate significantly if the fragile ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran intensify their digital conflict against the US.
Arnie Bellini, a tech entrepreneur and investor, suggests that the US strikes could prompt Iran, Russia, China, and North Korea to double down on investments in cyber warfare. Bellini, CEO of Bellini Capital, emphasizes the cost-effectiveness of hacking operations compared to traditional "kinetic warfare" – bullets, planes, or nuclear arms. "We just showed the world: You don't want to mess with us kinetically," Bellini stated. "But we are wide open digitally. We are like Swiss cheese."
Hacking Groups Claim Responsibility for Attacks
Two pro-Palestinian hacking groups have claimed responsibility for targeting over a dozen aviation firms, banks, and oil companies in the aftermath of the US strikes. These groups, detailing their activities on Telegram, urged other hackers to join their efforts, according to researchers at the SITE Intelligence Group. The attacks primarily involved denial-of-service (DoS) attempts, aiming to disrupt websites or online networks. "We increase attacks from today," one of the groups, Mysterious Team, posted on Monday.
AP reports suggest that federal authorities are on high alert for further attempts to penetrate US networks. The Department of Homeland Security issued a public bulletin on Sunday warning of increased Iranian cyber threats, and the Cybersecurity and Infrastructure Security Agency (CISA) urged organizations managing critical infrastructure like water systems, pipelines, or power plants to remain vigilant.
While Iran's technical cyber capabilities may not match those of China or Russia, it has a history as a "chaos agent," leveraging cyberattacks for intelligence theft, political leverage, or intimidation.
Independent Hackers Pose Persistent Threat
Even if a ceasefire holds and Tehran seeks to avoid further confrontation with the US, independent hacker groups could still retaliate on Iran's behalf. Researchers at security firm Trustwave have identified over 60 such groups, some with ties to military or intelligence agencies, while others operate independently.
These groups can inflict significant economic and psychological damage. As an example, Ziv Mador, vice president of security research at Trustwave's SpiderLabs, cited a post-October 7, 2023, attack where hackers penetrated an emergency alert app in Israel, falsely informing users of an incoming nuclear missile. "It causes an immediate psychological impact," Mador, based in Israel, noted, adding that economic disruption, confusion, and fear are key objectives of such operations, echoing similar patterns seen in the Russia-Ukraine conflict.
Intelligence Collection Remains a Key Objective
Beyond disruption, intelligence collection is another primary aim for hackers. Despite Iran's more modest cyberwarfare capabilities, it has repeatedly attempted to spy on foreign leaders, a trend national security experts expect to continue as Tehran seeks to understand President Donald Trump's next moves. Last year, federal authorities charged three Iranian operatives with attempting to hack Trump's presidential campaign. Jake Williams, a former National Security Agency cybersecurity expert and now vice president of research and development at Hunter Strategy, believes it would be incorrect to assume Iran has abandoned these efforts. "It's fairly certain that these limited resources are being used for intelligence collection to understand what Israel or the US might be planning next, rather than performing destructive attacks against US commercial organisations," Williams stated.
Concerns Over US Cybersecurity Preparedness
Calls to strengthen America's digital defences come amidst the Trump administration's efforts to shrink government size, leading to cuts in some cybersecurity programs and staff. CISA has placed election security staffers on leave and reduced funding for cybersecurity programs for local and state elections. The CIA, NSA, and other intelligence agencies have also experienced staffing reductions, including the abrupt firing of Gen. Timothy Haugh, who oversaw the NSA and the Pentagon's Cyber Command.
Mador highlighted that the Israel-Iran conflict underscores the importance of investments in cybersecurity and cyber offence, pointing to Israel's sophisticated cyberespionage capabilities that enabled tracking targets during its strikes on Iran.
Bellini, who recently contributed $40 million to a new cybersecurity centre at the University of South Florida, emphasized that expanding America's cyber defences requires investments in education and technical solutions to secure connected devices and networks. "It's Wile E. Coyote vs. the Road Runner," Bellini concluded, describing the ongoing cyber arms race as a contest America cannot afford to lose. "It will go back and forth, and it will never end."
With inputs from AP