Forecast: Wave of Cyber Hacks to Follow Iran’s Nationwide Internet Blackout; Website Security at Risk

The severance of access to the global internet has compromised the security of websites and platforms, with experts warning that a surge of hacking and phishing attacks is imminent.

TEHRAN – “A wave of cyberattacks is on the way.” This warning comes from Shahaboddin Hosseini, an internet and network security expert. According to Hosseini, the disconnection from the global internet has prevented various websites from updating their expired licenses or security certificates, a situation that is creating numerous security threats for these platforms.

Iran’s Nationwide Internet Blackout

Speaking to Zoomtek, Hosseini explained: “The most rudimentary impact of the internet blackout is phishing. If you do not possess a valid security certificate, phishing becomes significantly easier to execute. Attackers can create a web address similar to one lacking a valid certificate—where communication is entirely unencrypted—causing inattentive users to fall into fraud and phishing traps.”

Phishing: The Immediate Consequence of Disconnection

Hosseini views this threat as a serious precursor to broader cyberattacks, noting that Iranian websites face even graver dangers. He elaborated:

“An individual inside Iran with access to Starlink could seamlessly provide network access to external actors without any issues. For instance, an American hacker could establish a connection with an Iranian user possessing a Starlink terminal and easily conduct their operations through this gateway.”

Banking Sector Vulnerabilities

“Due to expired certificates, heavy breaches are also occurring in banks, and incidents similar to the hacks of Pasargad and Sepah banks could be repeated,” the network security expert warned.

Hosseini pointed out that since servers located within Iran have not received security updates during the blackout period, they remain highly vulnerable to hacker infiltration. He predicts that a widespread breach may occur the moment the internet is fully reconnected.

“Reports of vulnerabilities, along with professional updates and bug fixes, have been published globally. However, because we lack internet access, none of our data centers can retrieve these updates. This is not limited to servers; breaches can occur at various layers. For example, a WordPress plugin might be compromised, and users remain unable to mitigate the risk through updates.”

Looming Serious Security Threats

Hosseini suggests that security risks may threaten sites even after connectivity is restored, as news of consecutive updates has been released while Iranian users have been kept in the dark.

Although investigations indicate that data centers for a small number of organizations and certain platforms were connected to the global internet—allowing them to receive security patches—the broader threat persists. The recurrence of global internet blackouts poses severe risks to users and various businesses.

Small Businesses Without Internet Face Greatest Risk

Morteza Rezaei, Technical Lead at Zoomtek, also emphasized that a large number of small businesses, whose website licenses and certificates have expired due to lack of internet access, are facing serious security problems.

According to Rezaei, the absence of valid certificates renders the communication between users and these sites insecure. This creates a vulnerability where user data on these sites can be leaked and easily exploited.

Rezaei noted that, as is often the case, smaller companies and businesses are more susceptible to vulnerabilities. In the realm of security, small businesses are more deeply affected; the security of their websites diminishes, and consequently, public trust in them erodes.
