By Stefanie Schappert
From hospital supply chains to payment networks, the latest Iran-linked cyber threats show how geopolitical retaliation can disrupt the companies and services people depend on every day.
Verifone and Stryker Bring Cyberwar Closer to Home
Verifone and Stryker are the clearest signs yet that cyberwar is no longer confined to government agencies or military systems.
In less than a day on Wednesday, the Iran-linked hacktivist group Handala claimed attacks on both companies – Verifone, a major payments provider with strong ties to Israel, and Stryker, one of the biggest medical technology firms in the US.
In Stryker’s case, the fallout appeared far bigger than ordinary corporate IT downtime.
The group claimed it wiped more than 200,000 systems, servers, and mobile devices and stole 50TB of data. It also said the attack forced shutdowns across Stryker offices in 79 countries, though Stryker says it operates in 61 countries and impacts more than 150 million patients annually.
What’s more, more than 5,000 workers at Stryker’s Ireland hub were reportedly sent home, while healthcare providers in the US struggled to order surgical supplies through the company, according to KrebsOnSecurity.
AOL reported that the disruption also affected Lifenet, a platform used by emergency responders to send patient data to hospitals.
That is what makes this story more than another burst of geopolitical cyber noise – it shows how retaliation abroad can hit the companies and systems ordinary people rely on every day.
Iran-Linked Threats Are Already Multiplying Online
The threat is not limited to one or two headline-grabbing incidents. In an early March advisory, Sophos warned that likely tactics could include website defacements, DDoS attacks, ransomware, destructive wipers, hack-and-leak operations, phishing, and password spraying.
Researchers also say the infrastructure for the next wave may already be in place. ThreatLabz identified more than 8,000 newly registered domains tied to the Middle East conflict, warning that many may still be “weaponized or used in threat campaigns in the near future.”
The lures include fake news blogs, conflict-themed malware files, and other content designed to exploit panic and curiosity while tensions remain high.
At the same time, more sophisticated Iranian-linked operators do not appear to be starting from scratch.
In my recent Cybernews reporting on Seedworm, the Iran-backed espionage group was found maintaining access to multiple organizations since early February – before the current escalation became front-page news – with targets spanning banking, aviation, technology, and nonprofit organizations.
The Easiest Way in Is Still Human Error
Cyberwar is no longer a niche story about espionage and classified systems, but has moved into the mainstream.
US cyber agencies warned last June (after the US bombed Iran’s nuclear facilities), that Iranian cyber actors often exploit familiar weaknesses – including unpatched software, known vulnerabilities, and default or commonly used passwords on internet-connected accounts and devices.
Those risks are also getting easier to scale.
CrowdStrike’s latest threat reporting says AI is “scaling attacks and lowering barriers to entry,” turning it into both a force multiplier for cyberattacks and a new attack surface.
AI is allowing threat groups to move faster, generate more convincing phishing lures, and automate more of the attack chain than many defenders are prepared for.
We have seen this playbook before. Russia’s GRU-linked Sandworm hackers were blamed for disruptive attacks on Ukraine’s power grid, including a 2022 incident that researchers said coincided with missile strikes and triggered power cuts.
And after the October 7 attacks, US agencies warned that Iran-linked actors had targeted US water and wastewater facilities by exploiting Unitronics PLCs used in industrial control systems.
All because the PLCs were Israeli-made – once again, proving how quickly geopolitical cyber retaliation can move from symbolism to systems that touch everyday life.
For organizations, that means patching faster, locking down internet-facing devices, turning on MFA, and training employees on the latest phishing lures.
For everyone else, it is a reminder that human error is still one of the easiest ways in – and that the next disruption may hit not a government target, but the companies people depend on without thinking twice.
ABOUT THE AUTHOR
Stefanie Schappert, a senior journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019. She has a decade-plus experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News. With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. Earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google. Member of Women’s Society of Cyberjutsu (WSC), Upsilon Pi Epsilon (UPE) International Honor Society for Computing and Information Disciplines.
Cybernews is a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing, and data. Founded in 2019 in response to rising concerns about online security, the site covers breaking news, conducts original investigations, and offers unique perspectives on the evolving digital security landscape. Through white-hat investigative techniques, Cybernews research team identifies and safely discloses cybersecurity threats and vulnerabilities, while the editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders with complete independence. For more, visit www.cybernews.com.
There Is A Deepfake Attack Every 5 Minutes Says Unidata
Posted in Commentary with tags Unidata on March 12, 2026 by itnerdDeepfake fraud incidents jumped 257% in 2024 alone. In Q1 2025, more deepfake incidents were recorded than in all of 2024 combined. A deepfake attempt now hits an identity verification system every five minutes.
This is why iBeta Level 3 was launched in mid-2025 — the most demanding face anti-spoofing certification ever created.
Here’s what makes it unlike anything before:
For context: Level 1 testers spend $30 and 8 hours. Level 3 has no cost ceiling.
The financial stakes are real: generative AI fraud losses are projected to hit $40 billion in the US by 2027. Deepfakes already account for 40% of all biometric fraud attempts. The tools to create them are cheap, accessible, and getting better every month.
They have published a detailed breakdown of what Level 3 actually tests, how it compares to previous standards, what vendors keep getting wrong before certification, and — perhaps most overlooked — why children’s biometrics remains a dangerous blind spot with no official testing track.
Full article: https://unidata.pro/blog/ibeta-level-3-new-standards/
Leave a comment »