The US Cybersecurity and Infrastructure Security Agency
(CISA) is warning the cybersecurity community, companies and the public that it
expects an increase in the near future in the number of incidents emanating
from the current tensions between the Islamic Republic of Iran and the United
States.
Following the increase in tensions this week, CISA
advises the cybersecurity community to adopt a state of heightened awareness,
increase organizational vigilance, report new incidents and make sure that
people know how to report problems, and exercise organizational incident
response plans.
CISA also underlined possible mitigations for companies
and industries, including in the financial sector, government facilities, healthcare,
communications, and even the defense industrial base. Some of the advice should
be always used, no matter the state of the armed conflict between the two
countries.
IT professionals and providers should consider disabling
all unnecessary ports and protocols, monitor network and email traffic, patch
all hardware exposed to the Internet or network, limit the usage of PowerShell,
and make sure that all backups are up to date.
“Iranian cyber threat actors have continuously improved
their offensive cyber capabilities. They continue to engage in more ‘conventional’
activities ranging from website defacement, distributed denial of service
(DDoS) attacks, and theft of personally identifiable information (PII), but
they have also demonstrated a willingness to push the boundaries of their
activities, which include destructive wiper malware and, potentially,
cyber-enabled kinetic attacks,” explains
the agency in the advisory.
Iranian-backed APT groups have been busy in the past
decade, targeting the U.S. financial sector, a Dam in New York State, the Sands
Las Vegas Corporation, and organizing a massive cyber theft campaign containing
dozens of incidents.