As a result of United States – Iranian Tension, Be Proactive to Protect Your Network
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert of potential cyber attacks in response to the current tensions between Iran and the United States.
Historically, Iran has retaliated through cyber attacks using various strategies to strike against government, defense, financial institutions, healthcare, and energy suppliers. Many businesses believe they won’t be a target of a cyber attack because they aren’t a government-related organization. However, Iranian hackers have a reputation for targeting finance and critical infrastructure. There’s also a history of hacking on behalf of the Iranian government, targeting ‘low-hanging fruit’ to simply gain media attention.
For example: February 2014 – Sands Las Vegas Corporation Hacked: Cyber threat actors hacked into the Sands Las Vegas Corporation in Las Vegas, Nevada, and stole customer data, including credit card data, Social Security Numbers, and driver’s license numbers. According to a Bloomberg article from December 2014, the attack also involved a destructive portion, in which the Sands Las Vegas Corporation’s computer systems were wiped. In September 2015, the U.S. Director of National Intelligence identified the Iranian government as the perpetrator of the attack in a Statement for the Record to the House Permanent Select Committee on Intelligence.*
*Learn more about attacks from 2011 – 2017 on US Dept of Homeland Security – Alert (AA20-006A) Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad.
What Should I Do?
In many cyber attacks, adversaries move silently and laterally. They can lurk on a network for months before making a move, depending on the framework and configurations. Due to their evolving capabilities and tactics, CISA recommends two courses of action: vulnerability mitigation and incident preparation. You can educate yourself on the patterns of mitigation and preparation, as well as the publicly known Iranian advanced persistent threats, in Alert (AA20-006A).
Take daily action by implementing these strategies –
Audit Cloud Environments
Conduct an audit of cloud assets and look for unapproved assets that may not be patched or managed.
Monitor Remote Access
When you use public Wi-Fi and Remote Desktop Protocol, you open your computer to risky ports; these connections can be difficult to detect because they occur outside of your organization’s IP range.
Disable Unnecessary Ports + Protocols
Review network security device logs and determine whether to shut off unnecessary access. Monitor common ports + protocols for command and control activity.
Patch Externally Facing Equipment
Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
Ensure all backups are up-to-date and stored in an easily retrievable location that is air-gapped from your organizational network.
DHS CISA – Alert (AA20-006A)
“CISA recommends two courses of action in the face of potential threat from Iranian actors: 1) vulnerability mitigation and 2) incident preparation.”
Avoid Social Engineered Phishing
Phishing attacks may also appear to come from organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as political elections, natural disasters (e.g., fires, floods), health scares (e.g., coronavirus), and economic concerns (e.g., IRS scams).
- Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
- Do not follow the link provided. If an unsolicited text message or email asks you to verify your account information, go to the company’s website to log into your account or call the phone number listed on the official website.
- Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
- Carefully scrutinize all electronic requests for a payment or transfer of funds.
- Be extra suspicious of any message that urges immediate action.
- Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.
- All users should keep systems and software up to date and use a good anti-virus program. These programs are not foolproof, however, and computer users themselves often help cybercriminals get through these safeguards.
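One way to automate the first check in the list above, as an added example that is not part of the original article: it flags sender or link domains that are a slight spelling variation of a trusted one. The trusted-domain list, the look-alike character map, and the distance threshold are assumptions to adapt.

```python
from urllib.parse import urlparse

# Constructed allow-list (assumption): replace with domains you actually deal with.
TRUSTED = {"example-bank.com", "irs.gov", "paypal.com"}
# Digits often swapped in for letters; illustrative, not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Lower-cased host from a URL or an email address."""
    value = value.strip().lower()
    if "://" in value:
        return urlparse(value).hostname or ""
    return value.rsplit("@", 1)[-1].rstrip(">")

def normalise(domain):
    """Fold look-alike characters, including 'rn' posing as 'm'."""
    return domain.translate(CONFUSABLES).replace("rn", "m")

def classify(value, max_distance=2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    domain = domain_of(value)
    for good in sorted(TRUSTED):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(TRUSTED):
        # Compare only as many trailing labels as the trusted domain has,
        # so "secure.paypa1.com" is judged as "paypa1.com".
        tail = ".".join(domain.split(".")[-good.count(".") - 1:])
        if normalise(tail) == normalise(good) or edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders and links.
    for item in ["billing@paypa1.com", "https://www.irs.gov/payments",
                 "https://exarnple-bank.com/login", "newsletter@charity.example"]:
        print(item, "->", classify(item))
```

A "lookalike" verdict is a prompt to verify through a known-good channel, as the list advises; short trusted domains may need a lower `max_distance` to avoid false positives.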
Own IT. Secure IT. Protect IT.
Let’s talk Managed IT.
We emphasize accountability and the importance of taking proactive steps to enhance cybersecurity in the workplace and at home. Altek can analyze your current infrastructure, network security, and office technology to create a plan that aligns with your company’s needs while staying within a monthly budget.