Iranian President Ebrahim Raisi has acknowledged a massive cyber attack that disrupted gas stations across the country, blaming it on an unnamed country that is allegedly seeking to create unrest and disruption.
The attack disabled a system that allows consumers to purchase subsidized fuel with government-issued electronic cards.
The semi-official ISNA news agency reported that buyers encountered an encrypted message that read “cyberattack 64411”. The numbers represent a hotline to Iran’s Supreme Leader Ayatollah Ali Khamenei who answers questions about Islamic law.
ISNA then withdrew the report, claiming that it too had been the victim of a cyber attack, a tactic frequently used to avoid offending powerful clergy.
Observers noted that the attack occurred near the second anniversary of the deadly protests sparked by rising fuel prices in November 2019.
According to President Raisi, the incident highlighted the need for his country to prepare for cyber warfare.
Most Iranian gas stations resume operations after devastating cyberattack
The official IRNA news agency reported that 80% of gas stations would be operational by the morning of November 27.
Reuters reported that half of Iran’s gas stations resumed operations manually on November 27 after the cyberattack that compromised their smart systems, causing disruption.
The attack coincided with social media videos believed to show hacked electronic signs reading “Khamenei, where is our gasoline?” Other hacked signs reportedly showed “Free gasoline at Jamaran gas station.” The late Supreme Leader Ayatollah Ruhollah Khomeini was from the region.
Iranian cyberattack sparked long queues and rumors of price hikes
According to local media, the attack caused long lines at gas stations across Iran. A senior Iranian official said the attack disrupted the country’s 4,300 gas stations. State television also broadcast long lines of cars waiting to refuel at a gas station in Tehran.
However, the Petroleum Ministry claimed that the attack affected only gas stations that accepted smart cards for subsidized fuel, and motorists could purchase gasoline at high prices at other stations. It also allayed fears of rising gasoline prices.
International sanctions make Iran vulnerable to cyber attacks
Iran has faced multiple sanctions from the international community for its nuclear ambitions. These sanctions have made it difficult for the country to acquire new technologies to protect its infrastructure, leaving it vulnerable to cyber attacks.
However, the country insists it is on high alert for online attacks from its traditional opponents.
No group has admitted to being responsible for the attack. However, the secretary of the Supreme Council of Iranian cyberspace, Abolhassan Firouzabadi, was convinced that it was led by a foreign country.
“I have never seen an attack on the gas station pumps themselves, which seems to be the case (the ‘cyberattack’ message appearing on the pumps should most likely be loaded into the software that runs the dispensing / pumps or the verification network card),” said Jonathan Couch, senior vice president of strategy at ThreatQuotient. “The approach is unique in my experience and I hope more information will be disclosed about where the attack actually targeted. It does not appear to be an attack on OT networks (mining, production or distribution) that supply gas stations.
“I think this attack could be the actions of a nation state seeking to undermine government confidence, but my gut tells me it could just be activists in the country. It will be interesting to know if more information is released about the attack: is there some kind of cybercrime angle to the attack where money was actually made and it was made to look like activists?”
The United States and its allies have historically blamed Iran for multiple cyber attacks on government infrastructure. Likewise, Iran has counter-accused its enemies, the United States and Israel, of being responsible for multiple cyberattacks.
“It would be interesting to see who claims responsibility for this attack,” said Steve Daniels, vCISO manager at Cyvatar. “This seems to be politically motivated and underscores for me the need to effectively manage the security of critical national infrastructure.”
In July of this year, Iran’s transport ministry and rail services suffered cyber attacks. In those attacks, hackers also posted the Iranian Supreme Leader’s number as a hotline for more information.
These incidents bore the same mark as the latest attack on Iranian gas stations, whose message read “cyberattack 64411”, a number associated with Khamenei.
“It is possible that the attack, like a previous one against the rail system, was carried out from abroad,” Firouzabadi noted.
Israeli cybersecurity firm Check Point attributed the latest cyberattack to a hacking group named Indra, after the Hindu god of war. A wrong attribution of a cyberattack could lead to retaliation against the wrong adversary, further exacerbating tensions in the Middle East, which are still close to the tipping point.
“It is still very early in the timeline of the incident, and information on the root cause and details of this incident will remain scarce for some time,” said Tim Erlin, vice president of strategy at Tripwire. “We should expect that Iran will only share information that it deems beneficial and that there will be a lot of speculation about what really happened here.
“In the end, it’s hard to get much out of this incident today, other than a growing body of evidence that infrastructure is the next big surface for cyber attack. Organizations that manage critical infrastructure need to ensure their systems are hardened, as this helps protect the integrity of digital assets and guard against threats and vulnerabilities.”