Experts: Amplification of opportunistic cyberattacks central to Iran’s strategy

Iranian cyber operations against the U.S. were noted by former National Security Agency Director Timothy Haugh and Armadin founder Kevin Mandia to have been mainly focused on opportunistic targeting and information campaigns meant to magnify the impact of intrusions, rather than bombastic cyber incidents, reports The Record, a news site by cybersecurity firm Recorded Future.

Such an attack playbook was evident in Iranian hackers' compromise of major U.S. medical device firm Stryker, which involved social engineering and the exploitation of valid credentials, said Haugh and Mandia at the Asness Summit on Modern Conflict and Emerging Threats.

"I'd probably draw an analogy right now, that Iran and Iran's cyber capability is closer to a criminal actor," noted Haugh. More cybersecurity incidents involving stolen credentials could be expected from Iran, according to Mandia.

"I doubt you're gonna see custom web app attacks done. I think it's gonna be logging in. I really do. It's gonna be an identity security issue," Mandia added.