Rising political and military tensions between the United States and Iran have led to renewed calls for securing government and private-sector critical systems in the event that the conflict leads to malicious cyber activity against U.S. assets.
Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), on Jan. 2 tweeted out a reminder of a June 2019 statement by CISA on Iranian Cybersecurity Threats.
“Bottom line: time to brush up on Iranian [tactics, techniques, and procedures] and pay close attention to your critical systems, particularly [Industrial Control Systems],” Krebs tweeted. “Make sure you’re also watching third-party access!”
In the June statement, Krebs said that Iranian threat actors and proxies were increasingly using “wiper” attacks that are enabled through common tactics such as spear phishing, password spraying, and credential stuffing. He also mentioned the importance of shoring up basic defenses like multi-factor authentication.
Private sector security providers like CrowdStrike are also issuing warnings as tensions with Iran increase following the U.S. airstrike that killed Iranian military commander Qasem Soleimani.
“While CrowdStrike is not reporting on a specific threat emanating from Iranian state-affiliated adversaries at this time, in line with previous assessments, CrowdStrike Intelligence believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests,” CrowdStrike said in an email.
CrowdStrike also said it believes financial, defense, Federal, and oil and gas sectors are “most likely” targets for retaliation, and recommends that those sectors adopt “a strong defensive posture” and enable all prevention capabilities.