While such attacks have not materialized so far during the current war, it could be that Iranian-aligned groups are positioning themselves to launch them, according to the report.
The main concern is wiper attacks that destroy data. Iran is known to have an arsenal of tools for carrying out these attacks, and the country launched a successful wiper attack in 2012 that impacted 30,000 workstations at oil company Saudi Aramco, per the report.
Adrian Cheek, a senior cybercrime researcher at threat intelligence company Flare, said in the report that the water, energy and healthcare sectors are most exposed because they are high-priority targets with weak baseline security. Financial services are high-priority targets but generally have stronger defenses.
Dean Valentine, CEO of application security company ZeroPath, said in the report that artificial intelligence could play a role because, within the past year, it has greatly expanded access to capabilities that enable cyberattacks that “do major damage” and “[take] down large fractions of our internet infrastructure.”
PYMNTS reported Tuesday (March 3) that the United Kingdom’s National Cyber Security Center (NCSC) warned businesses, particularly those “with a presence, or supply chains, in the Middle East,” that the outbreak of the conflict in Iran may see their interests targeted by cyber criminals.
“Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity,” the NCSC wrote.
In June, after the U.S. bombing of sites associated with Iran’s nuclear program, four U.S. federal agencies said that fraudsters linked to Iran may launch cyberattacks on organizations in the United States, especially those involved with critical infrastructure.
The agencies said: “Due to recent events, Iranian state-sponsored or affiliated threat actors are likely to significantly increase their distributed denial of service (DDoS) campaigns, and potentially also conduct ransomware attacks.”
The FBI’s Internet Crime Complaint Center (IC3) said in April that nearly half of all ransomware complaints it received in 2024 involved critical infrastructure organizations such as manufacturing, financial services, information technology, healthcare and government facilities.