Iranian Cyberattack: What You Need to Know & Do (via GreyCastle Security)

Prior to the recent escalation between the United States and Iran, the US government and other agencies had already been warning of escalated cyberattacks from Iran. The following data points will help you understand the size and dynamic nature of this threat.

WHAT YOU SHOULD KNOW

  1. Iran has a history of significant cyberattacks, has considerable capability, and is considered one of the best in the world by many cyber experts;
  2. Iran has demonstrated that it is willing to retaliate and escalate;
  3. Iran is known not only for compromising systems and stealing information, but also for rendering systems unusable and wiping data;
  4. Many attacks in recent history, across the spectrum of industries and not just in critical infrastructure, have been attributed to Iran. Some of Iran’s recent targets include:
    • Financial institutions
    • Universities
    • Political campaigns
    • Government networks
    • Manufacturers, suppliers, maintainers and vendors of industrial control system equipment and software
    • Oil-and-gas and heavy machinery companies
    • Telecommunications infrastructure and providers
    • Travel industry
  5. Recent analysis shows an uptick in attacks from Iran.
  6. While there may be some obvious targets, everyone should be prepared for the unexpected. For example, in 2014 Iran attacked the Sands Casino, a publicly traded company, because of the political views of its leadership.

WHAT YOU SHOULD DO

  1. Ensure that the following capabilities exist:
    • An incident response capability that is tested and ready to use;
    • A business continuity plan that includes 3rd party services;
    • Off-line backup processes and recovery procedures for systems and data.
  2. Reinforce best practices with workforce:
    • Don’t open emails from unknown senders;
    • Don’t use personal email or social media on company assets;
    • Use caution when opening links or attachments;
    • Report any suspicious activity immediately;
    • Review job-specific security responsibilities.
  3. Monitor for indicators of compromise:
    • Configure and review logfiles diligently;
    • Monitor Intrusion Detection/Prevention systems to ensure that they are effective and that alerts are managed;
    • Consider blocking access to/from Iran, including all internet communications and services (Email, remote access, and others).
  4. Validate the security of your information systems:
    • Ensure systems are free of known weaknesses and vulnerabilities, including those owned by 3rd party vendors;
    • Prioritize remediation based on asset value and impact.
  5. Test your cyber capability and probe for weaknesses:
    • Test systems against known attacks;
    • Test your workforce;
    • Validate security controls are functioning as expected.
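As an added, illustrative example for item 3 above (it is not part of the GreyCastle advisory), the following Python script shows one way to review authentication logs for indicators worth escalating: repeated failed logins from a single source, and any login attempt, successful or not, from address ranges you have decided to block. It also renders the matching nftables rules so the "block access to/from" decision can be applied consistently. The log lines, the blocked prefixes (RFC 5737 documentation ranges, not Iranian address space) and the `inet filter` table and chain names are all constructed placeholders; a real deployment would load a maintained country IP list from a GeoIP provider or firewall vendor.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (syslog style). Not real data.
SAMPLE_LOGS = """\
Jan 06 08:14:02 vpn01 sshd[2201]: Accepted password for jdoe from 203.0.113.45 port 51022 ssh2
Jan 06 08:14:09 vpn01 sshd[2203]: Failed password for admin from 198.51.100.23 port 40112 ssh2
Jan 06 08:14:10 vpn01 sshd[2203]: Failed password for admin from 198.51.100.23 port 40113 ssh2
Jan 06 08:14:11 vpn01 sshd[2203]: Failed password for root from 198.51.100.23 port 40114 ssh2
Jan 06 08:14:13 vpn01 sshd[2203]: Failed password for invalid user backup from 198.51.100.23 port 40115 ssh2
Jan 06 08:15:40 vpn01 sshd[2210]: Accepted publickey for svc-deploy from 192.0.2.77 port 33001 ssh2
Jan 06 08:16:02 vpn01 sshd[2212]: Accepted password for jdoe from 198.51.100.200 port 40990 ssh2
"""

# Placeholder "blocked" prefixes. These are RFC 5737 documentation ranges,
# NOT Iranian address space; load a real, maintained country list in practice.
BLOCKED_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

FAILED_THRESHOLD = 3  # failed logins from one source before it is flagged

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>[\w-]+) from (?P<ip>[\d.]+) port"
)


def parse_auth_lines(text):
    """Yield (result, user, ip_address) for every line matching the sshd format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), ipaddress.ip_address(m.group("ip"))


def in_blocked_range(ip, prefixes=BLOCKED_PREFIXES):
    """True when the address falls inside any prefix on the block list."""
    return any(ip in net for net in prefixes)


def find_indicators(text, prefixes=BLOCKED_PREFIXES, threshold=FAILED_THRESHOLD):
    """Return the findings a reviewer should act on:
       geo_hits             every attempt from a blocked prefix: (user, ip, result)
       accepted_from_blocked successful logins from a blocked prefix: (user, ip)
       brute_force          {ip: failed_count} for sources at or over the threshold
    """
    geo_hits, accepted_from_blocked = [], []
    failures = Counter()
    for result, user, ip in parse_auth_lines(text):
        if in_blocked_range(ip, prefixes):
            geo_hits.append((user, str(ip), result))
            if result == "Accepted":
                accepted_from_blocked.append((user, str(ip)))
        if result == "Failed":
            failures[str(ip)] += 1
    brute_force = {ip: n for ip, n in failures.items() if n >= threshold}
    return {
        "geo_hits": geo_hits,
        "accepted_from_blocked": accepted_from_blocked,
        "brute_force": brute_force,
    }


def nftables_rules(prefixes=BLOCKED_PREFIXES):
    """Render nft commands dropping traffic to and from each prefix.
    Assumes an existing 'inet filter' table with 'input' and 'output' chains."""
    rules = []
    for net in prefixes:
        rules.append(f"nft add rule inet filter input ip saddr {net} drop")
        rules.append(f"nft add rule inet filter output ip daddr {net} drop")
    return rules


if __name__ == "__main__":
    findings = find_indicators(SAMPLE_LOGS)
    for key, value in findings.items():
        print(f"{key}: {value}")
    print("\n".join(nftables_rules()))
```

The most important line of output is `accepted_from_blocked`: a successful login from a range you intended to block means either the block is not yet in place or the credential is already compromised, and either way it should go straight to the incident response process from item 1.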