The stakes are high as far as an Iranian cyber response is concerned. According to the Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity community should take every precaution to protect the nation’s critical infrastructure in light of the current tension between the US and Iran. The Islamic Republic of Iran has a history of executing offensive activities to retaliate against external threats or to pursue global interests that are otherwise beyond its reach.
Just recently, Iran launched a series of offensive cyber operations to suppress social and political perspectives it considers dangerous to the country. Their aim is to harm regional and international opponents such as the US. Iranian cyber threat actors are increasingly sophisticated, and following the recent US military strike in Baghdad, it is highly likely that they are working around the clock to prepare retaliatory cyberattacks.
The threats range from conventional website defacement to distributed denial of service (DDoS) attacks and theft of personally identifiable information (PII). Lately, they have also demonstrated an intent to deploy destructive wiper malware and to carry out cyber-enabled kinetic attacks. According to reports from the U.S. intelligence community and private threat intelligence firms, the IRGC (Islamic Revolutionary Guard Corps) is the force behind Iranian state-funded cyberattacks.
As IT professionals and service providers, it is our responsibility to protect your sensitive information. CISA recommends the following measures to mitigate potential Iranian cyberattacks. These recommendations may not be exhaustive, but they focus on the actions that will likely give your organization the highest return on investment. Overall, CISA recommends two main plans of action in the face of this potential Iranian threat: vulnerability mitigation and incident preparation.
Begin by minimizing coverage gaps in staff availability, keeping abreast of threat intelligence, and ensuring that emergency call trees are up to date.
Next, ensure that all your cybersecurity personnel are monitoring internal security levels and are able to identify anomalies as they crop up. Flag any indicators of compromise (IoCs) or known adversary tactics, techniques, and procedures (TTPs) for immediate response.
Your IT staff should know how and when to report incidents. The well-being of your organization and your workforce will depend on how seriously you take threat awareness. Consider reporting any incident to CISA for timely mitigation.
Your IT staff should understand the key steps they need to take following an incident. Make sure they understand the processes and have the user access they need. All your data sources should be logging as expected, and if an incident is detected, your personnel should be able to work calmly and in a unified manner.
Review your network security device logs and identify unnecessary ports and protocols. Additionally, monitor common ports and protocols for command and control (C2) activity.
Your IT team should also patch critical- and high-severity vulnerabilities on externally facing equipment, especially those that allow denial of service or remote code execution.
Finally, limit the use of PowerShell to users and accounts that really need it. Also, enable code signing of PowerShell scripts and activate logging of all PowerShell commands.
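As an added example (not CISA's guidance text or code from the original post), the following PowerShell script applies the signing and logging controls above on a single host: it requires signed scripts, turns on script block, module and transcript logging through the same policy registry keys that Group Policy writes, and then reports each setting. It assumes an elevated session on a Windows host; the transcript directory is a placeholder.

```powershell
# Added example: harden PowerShell on one host per the recommendations above.
# Run from an elevated (Administrator) session. The keys under
# HKLM:\SOFTWARE\Policies\... are the ones Group Policy writes, so a domain
# GPO with the same settings can replace this script for fleet-wide rollout.
#Requires -RunAsAdministrator

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $path = Join-Path $policyRoot $SubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Code signing: only scripts signed by a trusted publisher may run.
#    Execution policy is a safety control, not a security boundary, which is
#    why the logging below matters just as much.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 2. Script block logging: every script block is recorded in the
#    Microsoft-Windows-PowerShell/Operational log as event ID 4104, including
#    de-obfuscated content, which is what detection teams hunt in.
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# 3. Module logging for all modules (event ID 4103 records pipeline execution).
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# 4. Transcription: full session transcripts to a directory your SIEM collects.
#    The path is a placeholder; point it at a write-only collector share.
$transcriptDir = 'C:\PSTranscripts'
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value $transcriptDir -Type 'String'

# Verify: report each control so the change can be evidenced to an auditor,
# plus a count of recent 4104 events to confirm the log is actually filling.
function Get-PowerShellHardeningState {
    [PSCustomObject]@{
        ExecutionPolicy    = (Get-ExecutionPolicy -Scope LocalMachine)
        ScriptBlockLogging = (Get-ItemProperty "$policyRoot\ScriptBlockLogging").EnableScriptBlockLogging
        ModuleLogging      = (Get-ItemProperty "$policyRoot\ModuleLogging").EnableModuleLogging
        Transcription      = (Get-ItemProperty "$policyRoot\Transcription").EnableTranscripting
        RecentScriptBlocks = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
            -MaxEvents 5 -ErrorAction SilentlyContinue).Count
    }
}
Get-PowerShellHardeningState | Format-List
```

Forward the Operational log and the transcript directory to central log collection so the records survive if the host itself is wiped.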
Iranian cybercriminals are increasingly deploying sophisticated threats, and the current tension between the US and Iran is likely to trigger even more widespread attacks. Ensure that all your backups are up to date and kept in an easily retrievable location that is effectively air-gapped from your organization’s network. Keep checking this page to stay abreast of any new developments in the looming Iranian cyber threats.
If you are concerned that your organization's information may be at risk, do not hesitate to contact us. We have developed and deployed sophisticated counter-measures to protect our clients. Reach out now to find out how we can help.