In light of the current tensions between the Islamic Republic of Iran and the United States, on Monday, January 6th, the Cybersecurity and Infrastructure Security Agency (CISA) shared important facts and guidance with the cybersecurity community to help it prepare for any potential Iranian retaliation. This alert follows national news pertaining to the killing of Iranian IRGC-Quds Force commander Qassem Soleimani via a US drone strike.
Iran has long been recognized as one of the four countries that pose the largest cyber threat to the US, grouped with China, Russia and North Korea. CISA reports “Iran has a historic use of cyber offensive retaliatory activities,” and makes the following recommendations to promote heightened cyber protection:
- Adopt a state of heightened awareness and threat intelligence.
- Increase organizational vigilance to identify malicious or suspicious behavior.
- Implement an employee incident reporting process.
- Develop and exercise organizational incident response plans.
Furthermore, CISA compiled a list of actionable technical recommendations to mitigate vulnerabilities and adopt a preparatory cybersecurity position:
- Disable all unnecessary ports and protocols as identified by network security logs.
- Enhance monitoring of network and email traffic by adjusting filtering rules.
- Patch critical and high vulnerabilities on externally facing equipment.
- Log and restrict usage of PowerShell, only granting access to necessary user accounts.
- Ensure organizational network backups are up to date and properly stored for easy retrieval.
For more information on the recommendations listed above, patterns of known Iranian threats, or technical details of Iran’s cyber activity and threat profile, please see CISA’s complete alert (AA20-006A).
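As an added illustration of the "log and restrict usage of PowerShell" recommendation (this script is not part of the CISA alert or of Omega Systems' tooling), the following read-only check reports whether the standard Group Policy logging settings for Windows PowerShell are enabled on a host, along with the current language mode and execution policies. The function name `Get-PSLoggingPolicy` is hypothetical.

```powershell
# Added example: read-only audit of PowerShell logging and restriction settings.
# The registry paths are the standard Group Policy locations for Windows PowerShell.
function Get-PSLoggingPolicy {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $checks = @(
        @{ Name = 'Script block logging'; Path = "$base\ScriptBlockLogging"; Value = 'EnableScriptBlockLogging' },
        @{ Name = 'Module logging';       Path = "$base\ModuleLogging";      Value = 'EnableModuleLogging' },
        @{ Name = 'Transcription';        Path = "$base\Transcription";      Value = 'EnableTranscripting' }
    )
    foreach ($c in $checks) {
        # A missing key or value means the policy is not configured (treated as disabled).
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $enabled = ($null -ne $item) -and ($item.($c.Value) -eq 1)
        [pscustomobject]@{
            Policy  = $c.Name
            Enabled = $enabled
            Key     = $c.Path
        }
    }
}

$report = Get-PSLoggingPolicy
$report | Format-Table -AutoSize

# Restriction side: language mode of the current session and the
# execution policy configured at each scope.
"Language mode: $($ExecutionContext.SessionState.LanguageMode)"
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Summarize the gaps so they can be fed into a ticket or compliance report.
$missing = $report | Where-Object { -not $_.Enabled }
if ($missing) {
    "Logging policies not enabled: $(($missing.Policy) -join ', ')"
} else {
    'All three PowerShell logging policies are enabled.'
}
```

Script block logging writes to the Microsoft-Windows-PowerShell/Operational event log, so the check is only useful if that log is also forwarded to the SIEM.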
Iran is a credible offensive threat
It is safe to assume Iran is capable of disrupting a large company’s corporate networks for days to weeks. Just last year, a worldwide threat assessment of the US Intelligence Community warned “Iran has been preparing for cyberattacks against the US and our allies.” Historically, the most high-profile cyberattack was set in motion in 2012. At that time Iran was accused of conducting data-wiping attacks against two global oil companies (Saudi Arabia’s Saudi Aramco and Qatar’s RasGas). Iranian hackers successfully wiped hard drives, causing both companies to temporarily cease operations and sustain huge financial losses.
More recently, Iran fortified their destructive capabilities in cyberspace to include espionage, destructive attacks and social media manipulation. In October, Microsoft’s security team identified 241 email accounts compromised by Iranian hackers. These email accounts were associated with a US presidential campaign including current and former US government officials, journalists covering global politics, and prominent Iranians living outside Iran. Iranian hackers have also been accused of trying to steal data from US military veterans in an attempt to steal academic research.
Smart Secure customers rest assured with the best known cybersecurity defenses in play
Omega Systems Security Experts remain watchful and on high alert, especially when it comes to matters of national security and the effects on US businesses at the granular level. “It’s why we do what we do,” states Kyle Weller, Information Security Engineer, and Cyber Security Expert. “It’s times like these when customers who have invested in our Smart Secure security platform can justify and even quantify their investment.”
Smart Secure’s SIEM reporting and alerting system, along with Barracuda spam filtering and FortiGate hardware, allows us to detect patterns of known threats. What’s more, Omega Systems applies the human element to the successfully proven implementations of MITRE ATT&CK behavioral threat intelligence to make our security services more effective in providing real-time threat detection. In addition to automation, our security experts are constantly adding advanced indicators to our systems to detect new threats. We are currently monitoring data exfiltration alerts to combat ransomware built to exfiltrate data.
Omega Systems’ Data Security Team attacks cyber threats by thinking in motion and never settling for “good enough”. “Most companies go wrong when they ‘settle’ just to check boxes. Keeping up with trends and the current threat environment is a constant evolution. Meeting regulatory and auditing requirements should be a stepping stone and bare minimum in my opinion,” remarks Kyle Weller. He adds, “It’s always better to exceed standards in order to remain confident you are in a good place as the threat environment changes.”
All Omega Systems customers are encouraged to contact the helpdesk at 484-772-1110 if any suspicious activity is identified. If you are NOT currently subscribing to an Omega Systems’ managed security service, please reach out to one of our security experts TODAY. Our representatives can provide valuable recommendations to better prepare your business. Our team can be reached at 610-678-7002 or firstname.lastname@example.org.