“We will be forced to protect a very different attack surface globally”, admits Google’s top threat intelligence officer. United Kingdom also warned of changes in cyber threat.
Iran is expected to respond to recent airstrikes by the United States and Israel with cyber attacksaimed at a wide range of targets in the Middle East and elsewhere in the world.
The alert comes from Google itself, more specifically from John Hultquisthead of threat intelligence at Google, who at an event in London organized by the Royal United Services Institute (RUSI) said he has no doubt this will happen.
The discussion, initially centered on the risk of Russian cyber sabotage in Europe, ended up, according to , being dominated by the escalation of the regional conflict and Iranian cyber capabilities.
According to Hultquist, Tehran has long been considered a relevant state actor in cyberspace, with a long history of espionage operations and other malicious campaigns against Western countries.
In the current situation, the “fully” expected response will not depend on new tools, but rather on a change in the focus of the targets.
“You won’t see any secret weapons; it won’t be much different from what we’ve seen in recent years. What changes is the target”he stated.
The analyst maintains that, in addition to Israel and the USA, Gulf countries — including members of the Gulf Cooperation Council, such as the Qatar, Bahrain, the United Arab Emirates and Kuwait, as well as Jordan, are expected to be particularly exposed.
These countries host US military bases and since the beginning of the conflict have been mentioned in the context of Iranian retaliations in the region. For Hultquist, the likelihood of facing aggressive cyberattacks increases, especially because some may not have the same level of cybersecurity maturity as Israel. But the potential impact predicted by Google has global scale.
“Before we were talking about attacks on a small state with an incredibly mature security capacity [Israel]. Now, we are talking about a series of other targets, which may not have the same maturity. This means we will be forced to protect a very different attack surface globally.”
The use of “plausible deniability” structures across seemingly independent groups. Hultquist describes a gray zone between the Iranian State and cybercrime or hacktivism collectives, exploited to conduct offensive operations without blame.
“They are very good at playing in this misty space”explains the person responsible.
From his perspective, an increase in actions attributed to hacktivist fronts that, in practice, work is expected “facade” for the Islamic Revolutionary Guard Corps (IRGC), as well as ransomware incidents that may hide broader objectives than simple extortion.
“I expect these attacks to occur in the US, the Gulf Cooperation Council (GCC) countries and any other country that has drawn Iran’s ire right now. All of a sudden, they have a huge attack surface at their disposal, so they’re going to carry out these attacks,” Hultquist added.
This Monday, the United Kingdom’s National Cyber Security Center (NCSC) called on organizations to reassess their cybersecurity posture, particularly those operating in the Middle East or depending on supply chains in the region. The organization warned of an “increased risk” of indirect threats, and recommended preventive measures to reduce exposure and strengthen resilience.
“There is almost certainly an increased risk of an indirect cyber threat to organizations and entities that have a presence or supply chains in the Middle East,” the NCSC statement reads.
