Experts urge vigilance for cyber systems amid escalation with Iran

On the night that the airstrike that killed Iran's top military leader in Baghdad, the Department of Homeland Security's Cyber arm, Cybersecurity and Infrastructure Security Agency (CISA) was already re-upping its guidance from the summer on the threat Iran poses to not only cities and towns, but also banks and other financial institutions.

They warned that it's important to sure up basic defenses during times when a cyber strike could be imminent.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing,” the statement says. “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

Wiping, according to Kiersten Todt, a former Obama administration cyber official and the managing director of the Cyber Readiness Institute, is when a company gets its computers completely wiped out with no trace of any data.

“What they do in these wiping attacks is they destroy the computers. So it's complete data destruction, network destruction. So there's nothing left now, obviously, nothing subtle about it. There is no forensic analysis. It is complete destruction,” Todt said.

Most recently, Todt pointed to when the Las Vegas Sands Corporation had its computers ‘wiped’ by Iranians after its founder, Sheldon Adelson, called for a nuclear attack on Iran.

In 2012, Iranian hackers targeted Saudi Aramco, the world's largest oil producer based in Saudi Arabia.

The attack wiped out nearly 30,000 computers, however, the company said oil production was not affected by the cyberattack.

The Federal Depository Library Program website was reportedly briefly shut down over the weekend, after the site displayed pro-Iranian, anti-U.S. propaganda, a CISA spokesperson confirmed.

“We are aware the website of the Federal Depository Library Program (FDLP), the website aimed at making government publications available to Americans, was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors,” the spokesperson told ABC News. “The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners.”

These warnings from the government show the legitimate threat that the United States has from Iranian cyber actors.

The National Threat Assessment bulletin released on Iran specifically mentions the threat of cyber retaliation from Iran.

“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” the bulletin posted this weekend explains.

“Iran's response will most likely include a cyber response,” Sam Curry, CSO of Cybereason told ABC News. “It would be foolish to think that Iran will simply ratchet up its offensive capabilities against the U.S. and other nations as a result of today's news. In fact, Iran is an intelligent cyber opponent with an army of people testing our systems every minute of every day. It is the ultimate game of cat and mouse. But in this instance, the consequences could be lasting.”

A utility company source told ABC News there were ongoing conversations between government entities and critical infrastructure companies, as well as among critical infrastructure companies, to touch base regarding the heightened security status and the need for vigilance in the wake of the killing.