U.S. Businesses Brace for Impact from Iranian Cyberattacks
… what actions MSSPs can take or recommend to their customers:
- “Be extremely vigilant, upgrade aging security systems, and understand new hacking techniques that target applications during runtime and leave few clues behind,” said DeMeo.
- “Use a data-centric security approach that ensures data is kept secure and private, especially since traditional security measures such as strong authentication, firewalls and data-at-rest encryption are unlikely to deter access or theft going forward,” advised Poschman.
- Use defensive tactics which “include keeping software and firmware up to date, using firewalls and antivirus, encrypting data, access control with least privilege, using strong and unique passwords, intrusion detection, and educating all staff on how to detect phishing messages as well as a policy for dealing with them. High-risk organizations might want to hire white-hat hackers to test their systems for security holes and oversights. Businesses should also have a disaster recovery plan for when things go wrong,” said Bischoff.
- “Keep in mind U.S. CERT’s ongoing bulletins regarding Iranian cybersecurity threats, which consistently warn industry as to their go-to access methods — phishing attacks and password spraying. Critical infrastructure must remain vigilant and utilize security solutions such as air gapping, deploying endpoint protections and training employees to spot and report social engineering and potential insider threats,” advised Smothers.
MSSPs should consider conducting detailed reviews of their clients’ defensive postures given the expected upswing of nation-state attacks. CISA recommends a two-pronged defensive approach: vulnerability mitigation and incident preparation. Specifically, CISA recommends the following mitigations: disable all unnecessary ports and protocols, enhance network and email monitoring, patch externally facing equipment, log and limit PowerShell usage, and ensure backups are up to date.
But keep in mind that other attackers are lurking in the hopes of exploiting U.S.-Iran tensions.
“We can also expect that non-Iranian attackers will use the emotional tensions around the situation to craft phishing attacks designed to install malware or steal credentials. This is often the case around emotionally charged situations such as this,” said Erich Kron, security awareness advocate at KnowBe4.