Iran Conflict and Cybersecurity: What to Expect in the Next 30 Days

As the conflict between the United States and Iran unfolds, cyberspace is bound to see ramifications. Already, Iranian apps and websites have been targeted with hacking, and Reuters has reported that U.S. banks and financial services are on “high alert” for resulting cyberattacks. Additionally, U.S. intelligence has warned that hacktivist attacks against U.S. networks are a possibility.
As this conflict develops, where should U.S. cyber defenders focus their attention and vigilance?
James Turgal, a 22-year FBI veteran and current VP of Global Cyber Risk and Board Relations at Optiv, explains what cybersecurity leaders can expect within the next 30 days.
What to Expect in the Next 30 Days
According to Turgal, cybersecurity leaders can expect cyber activity carried out in retaliation. This activity will likely be “tied to Iranian state actors and aligned hacktivist fronts: website defacements, DDoS, doxxing/leaks, and disruptive intrusions aimed at symbolic impact and public fear.” To achieve such a “symbolic impact,” actors may attempt to “create localized outages, safety concerns, or economic friction” by targeting critical infrastructure.
Furthermore, Turgal predicts an increase in influence operations — often through “synthetic personas, manipulated media, and narrative amplification to widen political polarization, undermine trust in government, and inflame fear about shortages, energy prices, or domestic security” — as well as opportunistic leveraging of U.S.-facing vulnerabilities.
Likely U.S. Targets
“Think in three buckets: impact, visibility, accessibility,” says Turgal.
According to Turgal, the following are likely targets:
High-Impact Critical Infrastructure (OT/ICS)
- Energy
- Water/Wastewater
- Transportation & Logistics
- Telecommunications
High-Visibility/High-Symbolism Targets
- Media and Information Outlets
- Government-Facing Services
Enterprise Targets with High-Accessibility
- Healthcare
- Financial Services
- Defense Industrial Base/Logistics Suppliers
Techniques to Expect
Turgal warns of potential techniques cyber defenders should watch for, such as leveraging known vulnerabilities, credential theft, and OT/ICS edge exploitation. He also predicts that DDoS attacks may be deployed in combination with breaches, asserting that the DDoS attacks will be used “as a distraction while intrusion/impact occurs elsewhere.”
Another tactic cyber defenders should stay vigilant against is ransomware and/or disruptive extortion. “U.S. agencies have documented Iran-based actors enabling ransomware-style outcomes, even when the underlying objective is disruption rather than purely financial gain,” says Turgal.
As the Iranian-U.S. conflict evolves, cybersecurity leaders are encouraged to remain vigilant and stay up to date on potential threats.






