If the latest reports are to be believed, Iran-backed
hackers are probing U.S. critical infrastructure by using password-spraying
attacks, looking for weakness and human laziness.
It’s no surprise that, following the conflict between the
United States and Iran so far this year, hacking activities are on the rise.
It’s impossible to say with certainty that the threats originate from Iran, but
the modus operandi is similar to patterns seen over the last decade.
A password-spraying attack is a known method of finding weak
passwords, and it is basically guesswork. Research shows that, year after year,
people tend to choose simple passwords or to use the same passwords on multiple
services. Hackers know there’s also the possibility of finding at least one
such case.
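Password spraying tries a small number of common passwords against many accounts, so in authentication logs it appears as one source failing once or twice against a wide set of users, unlike brute force against a single account. The detection logic below is an added example, not from the original article or the Dragos report; the event format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# IPs come from documentation ranges; account names are made up.
EVENTS = [
    ("2020-01-10T08:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2020-01-10T08:01:10", "203.0.113.7", "bob", "FAIL"),
    ("2020-01-10T08:02:15", "203.0.113.7", "carol", "FAIL"),
    ("2020-01-10T08:03:20", "203.0.113.7", "dave", "FAIL"),
    ("2020-01-10T08:04:25", "203.0.113.7", "erin", "FAIL"),
    ("2020-01-10T08:05:30", "203.0.113.7", "frank", "SUCCESS"),
    ("2020-01-10T08:06:00", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T08:06:02", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T08:06:04", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T08:06:06", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T08:06:08", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T08:06:10", "198.51.100.23", "admin", "FAIL"),
    ("2020-01-10T09:00:00", "192.0.2.10", "alice", "FAIL"),
    ("2020-01-10T09:00:20", "192.0.2.10", "alice", "SUCCESS"),
]

def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=2):
    """Map each source to the accounts it failed against when the failures
    are wide (many accounts) and shallow (few tries each) within `window`."""
    failures = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            # Count failures per account in the window opening at this event.
            seen = Counter(a for when, a in rows[i:] if when - start <= window)
            if len(seen) >= min_accounts and max(seen.values()) <= max_per_account:
                flagged[src] = sorted(seen)
                break
    return flagged

def accounts_at_risk(events, flagged):
    """Accounts with a successful login from a flagged source: reset these first."""
    return sorted({a for _, src, a, outcome in events
                   if src in flagged and outcome == "SUCCESS"})
```

The thresholds are starting points to tune against normal login traffic; a success from a flagged source is the event that matters most for response.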
A report from industrial security company Dragos shows that a group called MAGNALLIUM
(also known as APT33, Refined Kitten and Elfin) is targeting
industrial control systems (ICS):
“In the fall of 2019, following increasing tensions in
the Middle East, Dragos identified MAGNALLIUM expanding its targeting to
include electric utilities in the U.S. MAGNALLIUM appears to still lack an
ICS-specific capability, and the group remains focused on initial I.T.
intrusions,” reads the report.
The use of a password-spraying attack means they may not
have a way in, at least not at the moment. On the other hand, it would also be
a way to create a lot of noise to cover their tracks.
Finally, the real problem is not the current wave of
attacks observed by cybersecurity companies, but the fact that some of the APTs
(advanced persistent threats) already have access and are waiting for the right
time to strike.
A few days ago, the U.S. Cybersecurity and Infrastructure
Security Agency (CISA), under the direction of Homeland Security, warned both
the government and private sectors to watch out for possible attacks from
state-sponsored entities, especially those emanating from Iran.