In the days following the successful United States drone-strike attack on an official Iranian military leader, government officials warn of potential cyber threats affecting U.S. government agencies & businesses.
International political tensions may result in cyber attacks
An early January bulletin posted by the United States Department of Homeland Security outlines the current physical and cyber threat landscape, detailing precautions that both businesses & government agencies should take. In response to the killing of Iranian military leader Qassem Soleimani, the DHS is helping our nation by addressing the potential risks our government, businesses & citizens face on the cyber frontier.
The DHS states: “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
In response, the U.S. cyber security community is coming together to spread awareness and alert others to the risks our nation faces in cyber protection and safety. The notice also advises readers to “be prepared for cyber disruptions, suspicious emails, and network delays. Implement basic cyber hygiene practices such as effecting data backups and employing multi-factor authentication.”
Iran focuses resources on cyber attacks & hacking
The people of the United States should not be surprised that Iran and its allies have recently been highlighted as strong proponents of cyber crime and as skilled in cyber warfare. In recent years, Iran has established itself as a capable cyber threat leader, focusing its resources on cyber espionage, cybercrime and destructive data attacks. As hacker culture grows in Iran, successful cyber attacks become a much more cost-effective way to promote Iranian ideals & values.
Iran uses a variety of both common and complex attack vectors that further demonstrate its proficiency in carrying out cyber attacks.
On January 6th, The New York Times reported that Iranian hackers defaced the U.S. Federal Depository Library Program with pro-Iranian messaging & political cartoons. Although this is considered a low-level attack from a nationalist Iranian hack group, it proves the desire of these groups to probe around on U.S. networks and cyber assets.
Wiper attacks
In the summer of 2019, the DHS advised the public of incoming Iranian wiper-malware attacks affecting U.S. businesses & local government offices.
Unlike encryption-based cyberattacks such as ransomware, this wiper malware is designed to completely eradicate and delete data to make it permanently inaccessible. Proven Data reported on evidence linking Iranian IP addresses to cyber attacks here in the United States.
Probing critical infrastructure
Iranian hackers are known to be attempting to break into critical infrastructure systems such as power grids & water control networks. In 2013, Iranian cyber actors successfully breached a New York State dam, causing alarm just north of New York City. That same year, reports surfaced of Iran using malware to target banks & financial institutions.
Iranian hacking forces are probing to see what might be possible when it comes to hacking critical infrastructure.
Ransomware
A strong element of the Iranian cyber threat movement is its success in ransomware attacks on hospitals, businesses & government agencies here in the United States. In November of 2018, the two Iranian men behind the SamSam ransomware attacks were indicted on federal charges here in the United States.
With the diligence and data collection of national government agencies such as the Department of Justice, the U.S. national cyber security community is able to respond with more compliance checks and screening processes to block communication and activity between parties. This further underscores the importance of reporting ransomware to law enforcement.
How businesses & U.S. government agencies can protect themselves from cyber attacks
In the wake of political tensions between the United States & Iran, it’s important for United States government offices, agencies, departments & programs to take the extra step and safeguard their data.
We wish to inspire proactiveness, which can be a preventative step toward minimizing the risk of falling victim to a cyber attack.
- Patch software & hardware with the latest security firmware and updates
- Address the privileged access management (PAM) for the organization and examine which accounts have elevated access
- Ensure two-factor authentication is enabled across all login credentials
- Implement email security to block phishing attacks
- Invest in an endpoint detection and response (EDR) solution to stop attacks before they are executed
- Review the data backup procedure and test that the backups function properly and can be used to restore data in the event of ransomware encryption or a wiper attack. Data backups should be kept both locally (offline, non-network-attached storage) and in the cloud.
- Review & modify your incident response plan and ensure it addresses current cyber threats such as wiper attacks
If you do not have a specialized IT Security department within your organization, Proven Data can help get you up to date with the latest security protocols and proactive measures to stop cyber attacks before they occur. We also help plan for the worst in the event that attackers bypass your defenses.