The US Cybersecurity and Infrastructure Security Agency (CISA) is warning the cybersecurity community, companies and the public that it expects the number of incidents stemming from the current tensions between the Islamic Republic of Iran and the United States to increase in the near future.
Following the increase in tensions this week, CISA advises the cybersecurity community to adopt a state of heightened awareness, increase organizational vigilance, report new incidents, make sure that people know how to report problems, and exercise organizational incident response plans.
CISA also underlined possible mitigations for companies and industries, including in the financial sector, government facilities, healthcare, communications, and even the defense industrial base. Some of the advice should always be followed, no matter the state of the armed conflict between the two countries.
IT professionals and providers should consider disabling all unnecessary ports and protocols, monitoring network and email traffic, patching all hardware exposed to the Internet or network, limiting the usage of PowerShell, and making sure that all backups are up to date.
“Iranian cyber threat actors have continuously improved their offensive cyber capabilities. They continue to engage in more ‘conventional’ activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), but they have also demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks,” explains the agency in the advisory.
Iranian-backed APT groups have been busy in the past decade, targeting the U.S. financial sector, a dam in New York State, and the Sands Las Vegas Corporation, and organizing a massive cyber theft campaign comprising dozens of incidents.