Cyber Warfare Between Iran and Israel Continues Unabated, Expert Warns
By Amelia Green | WASHINGTON – 2025/06/29 08:07:04
Despite a potential ceasefire in traditional warfare, cyber hostilities between Iran and Israel persist, according to Candan Bolukbas, a former NATO cyber expert.
“In the cyber world, there’s no such thing as a ceasefire,” Bolukbas told reporters.
Bolukbas is the chief technology officer and founder of Black Kite, a cyber-risk intelligence firm that assesses businesses’ third-party supplier risks. His company collaborates with the US National Security Agency (NSA) to share threat intelligence, a common practice among private security firms.
Before founding Black Kite in 2016, Bolukbas worked for NATO as part of its counter-cyberterrorism task force.
The Threat from Home IoT Devices
Smart TVs and other home IoT devices can be easily compromised and used to build a botnet for distributed denial of service attacks, or a massive network of connected boxes to route traffic and launch cyberattacks against high-value targets.
“It’s very unlikely that they can launch an elegant attack against the NSA, Pentagon, or those kinds of bigger organizations,” Bolukbas said. “Those are outside of Iran’s reach unless Russia or China backs them,” which he believes is also highly unlikely.
Bolukbas explained that it is not in the best interest of Russia or China to hand Iranian cyber operatives access to a critical American network after doing the dirty work of breaking in themselves, or to burn a zero-day exploit to aid Iran. Moscow and Beijing would likely want to save this stealthy access and these cyber weapons for a time that benefits their own geopolitical or military goals.
“Iran is alone in this game, but they can go after the low-hanging fruit,” Bolukbas said.
Stuxnet and the US Cyber Doctrine
Bolukbas noted that while “we haven’t seen any ceasefire happening” in terms of Iranian cyber campaigns, especially when it comes to phishing for high-value individuals’ credentials and sensitive military info, “we also do this,” referring to the United States.
He cited Stuxnet, the malware deployed against Iran’s nuclear fuel centrifuges, as a joint American-Israeli op. “And that, of course, was during a ceasefire. We were not in a war with Iran,” Bolukbas said.
“The US has the biggest cyber army, strategic or talent-wise,” he added. “The NSA is known for having the biggest zero-day arsenal on the planet. We have a doctrine on something called defense forward that says if we see something in cyberspace that can disrupt us, we’re going to attack it first, and we have that under US Cyber Command’s mission.”
While Bolukbas doesn’t expect to see the US unleash any major cyber weapons against Iran at this point in the conflict, he suspects cyber espionage, influence operations, hack-and-leaks, and poking holes in Iran’s military and cyber infrastructure are all regular occurrences.
He contended that the US didn’t enter the Iran-Israel war with bombs: “That was started in cyberspace a long time ago.”
Bolukbas also has advice for network defenders to protect against Iranian cyber threats. “Be careful with phishing attacks,” he said. “That’s very common because Iran doesn’t have a lot of zero days, so they go heavy on social attacks. Be careful what you’re clicking on.”
Second: don’t believe everything you read or see, according to Bolukbas. Iran, along with Russia and China, is getting really good at using generative AI for fake news and social media posts that aim to manipulate public opinion.
“Last but not least: patch your systems, including IoT for end users and residential people,” Bolukbas said. “Patch your external-facing systems quickly, not a week or 10 days or a month later, because time is ticking from the day that the vulnerability is disclosed. Iranian groups are trying to develop an exploit. If they develop the exploit before the patch, they’re not going to hesitate to use that.”
Frequently Asked Questions
- What is cyber warfare?
- Cyber warfare involves using technology to attack an enemy’s information systems, disrupting services, stealing data, or spreading disinformation.
- What is a zero-day exploit?
- A zero-day exploit is an attack that exploits a previously unknown vulnerability in software or hardware.
- How can I protect myself from phishing attacks?
- Be cautious of suspicious emails or links, verify the sender’s identity, and avoid sharing personal information online.
- Why is patching systems important?
- Patching systems promptly addresses known vulnerabilities, reducing the risk of exploitation by cyber attackers.
- What role does AI play in cyber warfare?
- AI is increasingly used for disinformation campaigns and creating fake news, making it harder to discern truth from fiction.
