
Security Warning: Internet Blackout Pushes National Infrastructure to the Brink of Collapse

Thirteen days into the nationwide internet blackout, the vulnerability of digital equipment and administrative systems has reached its peak. Cybersecurity experts warn that the failure to receive security updates (patches) for laptops, phones, and servers has left the country’s infrastructure defenseless against a fresh wave of hacker attacks and ransomware.

The Great Danger at the Moment of Reconnection

Mehdi Faraji, Vice Chairman of the Tehran AFTA Commission (Information Security Management Authority), detailed the hidden dangers of this outage in an interview with the media. According to him, cutting access to global repositories has prevented domestic equipment from receiving vital operating system updates and threat identification patterns (signatures). This means new security bugs and zero-day vulnerabilities discovered during these two weeks remain open in internal systems.

Faraji believes the moment the internet connects is a “Golden Opportunity for Attackers.” As soon as millions of un-updated devices connect to the global network, hackers using automated scanning tools will rapidly identify weaknesses and complete their intrusion before users have a chance to update.

The Illusion of Security in an Isolated Network

Some imagine that an internet cutoff implies complete security against foreign threats, but this security expert considers this notion incorrect. Malware and ransomware that already existed in the network or entered organizations via flash drives and external hard drives during this period are now operating in an environment without precise monitoring.

Since smart threat detection systems are not up-to-date, identifying the movements of this malware has become difficult. This dormant malware is waiting for reconnection to establish communication with Command and Control (C2) servers and initiate destructive operations such as data encryption or data theft.

A Repetition of the WannaCry Disaster?

Recalling the massive “WannaCry” ransomware attack in 2017, the Vice Chairman of the AFTA Commission warns that if security patches are not installed in time, a similar scenario could occur, potentially grounding the country’s entire critical infrastructure.

The Solution: Phased and Controlled Connection

To prevent a cyber catastrophe upon internet restoration, Faraji recommends that organizations not, under any circumstances, open internet access suddenly and universally. He suggests a specific security roadmap:

  • Limited Connection: Initially, only defensive tools like antivirus software and firewalls should connect to the internet to receive updates.
  • Protection of Critical Servers: Main servers and databases should be kept on a separate network, with security patches installed manually and in a controlled manner.
  • Firewall Review: Firewall rules and regulations must be reviewed to limit the movement of attackers within the network.
  • Recovery Readiness: Ensure the health of backup copies and change sensitive passwords after cleaning systems.
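
As an added illustration (not from the article or from Faraji), the roadmap's first three points can be written as a check that reviews proposed egress rules against a host inventory before reconnection. The role names, destination classes, dates, host names and the rule that ordinary hosts stay offline until patched after restoration are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date

DEFENSIVE = {"antivirus", "firewall"}   # roadmap: these connect first, for updates
CRITICAL = {"server", "database"}       # roadmap: separate network, manual patching

@dataclass(frozen=True)
class Host:
    name: str
    role: str
    last_patched: date

def allowed_egress(host, restored):
    """Destination classes a host may reach after reconnection."""
    if host.role in CRITICAL:
        return set()
    if host.role in DEFENSIVE:
        return {"updates"}
    # Assumption: other hosts stay offline until patched after restoration.
    return {"updates", "internet"} if host.last_patched >= restored else set()

def review_rules(rules, hosts, restored):
    """Return rules broader than the roadmap allows (unknown sources included)."""
    by_name = {h.name: h for h in hosts}
    flagged = []
    for src, dst in rules:
        host = by_name.get(src)
        if host is None or dst not in allowed_egress(host, restored):
            flagged.append((src, dst))
    return flagged

# Constructed sample data (dates, host names and rules are illustrative).
RESTORED = date(2030, 1, 14)
INVENTORY = [
    Host("av-console", "antivirus", date(2029, 12, 30)),
    Host("edge-fw", "firewall", date(2029, 12, 30)),
    Host("db-01", "database", date(2029, 12, 28)),
    Host("laptop-17", "workstation", date(2029, 12, 29)),
    Host("laptop-22", "workstation", date(2030, 1, 15)),
]
PROPOSED_RULES = [
    ("av-console", "updates"), ("av-console", "internet"),
    ("db-01", "updates"), ("laptop-17", "internet"),
    ("laptop-22", "internet"), ("kiosk-03", "internet"),
]

if __name__ == "__main__":
    for src, dst in review_rules(PROPOSED_RULES, INVENTORY, RESTORED):
        print(f"REVIEW: {src} -> {dst}")
```
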

Ultimately, the only way to reduce the risk of an explosion of cyberattacks is a managed and intelligent connection; otherwise, the security damages resulting from reconnecting the internet could be far heavier than during the blackout period.

 
