The latest tensions between the United States and Iran have raised additional concerns regarding cybersecurity and security in general at a national level. “Iranian leaders have vowed to retaliate against the US, with the US Department of Homeland Security warning that previous Iranian plans have included “cyber-enabled” attacks against a range of US targets.” (zdnet.com, 2020) The US has always vowed not to take threats lightly, which raises the question of what retaliation from the Iranian leaders may look like and how to prepare for it. “Iran has long been seen as one of the four countries that pose the greatest online threats to the US, along with China, Russia, and North Korea, and there has been a long history of Iranian cyber intrusions against the US.” (zdnet.com, 2020)
The US government has acknowledged that Iran has a “robust cyber program” and is capable, at minimum, of launching cyberattacks that can cause temporary, short-term effects on some of the United States’ critical infrastructure. In the United States’ most recent assessment “– from January last year – US intelligence agencies said that Iran was attempting to build cyber capabilities that would enable attacks against critical infrastructure in the US and elsewhere. “Iran has been preparing for cyberattacks against the United States and our allies,” said the report, which warned that Iran was capable of causing “localized, temporary disruptive effects.” Those effects could include disrupting a large company’s corporate networks for days to weeks, as in the data-wiping attacks Iran has been accused of conducting against targets in Saudi Arabia.” (zdnet.com, 2020)
How it Could Affect You
High-level cybersecurity threats and attacks can often have a trickle-down effect. As far as is currently known, Iran is capable of attacking in the following areas of cybersecurity:
- Destructive Attacks
- Social Media Manipulation
Iran has “consistently targeted government officials, government organizations, and companies to gain intelligence either for industrial espionage or to improve its positioning for future attacks.” (zdnet.com, 2020) According to Sherrod DeGrippo, Senior Director of Threat Research and Detection at the security company Proofpoint, Iran’s objective “– at least in the past – has been to get a foothold inside the organization, extract the data and they keep that foothold for later use.” (zdnet.com, 2020)
“CISA has a set of recommended actions for organizations to take in the face of potential threats:
- Disable all unnecessary ports and protocols, review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
- Enhance monitoring of network and email traffic, monitor for new phishing themes.
- Patch externally facing equipment, with a focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service.
- Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts, and enable logging of all PowerShell commands.
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network.” (zdnet.com, 2020)
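One way to check the PowerShell items in the list above on a single Windows host, as an added example that is not from CISA or the original article. It assumes the logging settings are delivered through the standard Group Policy registry location and treats AllSigned as the target execution policy.

```powershell
# Added example: read-only audit of the PowerShell logging and code-signing settings.
# Assumption: policies are set under the standard Group Policy registry path below.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Group Policy values that turn on each PowerShell logging feature.
$loggingChecks = @(
    @{ Name = 'Script block logging'; Key = 'ScriptBlockLogging'; Value = 'EnableScriptBlockLogging' },
    @{ Name = 'Module logging';       Key = 'ModuleLogging';      Value = 'EnableModuleLogging' },
    @{ Name = 'Transcription';        Key = 'Transcription';      Value = 'EnableTranscripting' }
)

function Test-PolicyValue {
    param([string]$Path, [string]$ValueName)
    # A missing key or value means the policy is not configured, so treat it as disabled.
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$ValueName -eq 1)
}

$results = foreach ($check in $loggingChecks) {
    $enabled = Test-PolicyValue -Path (Join-Path $policyRoot $check.Key) -ValueName $check.Value
    [pscustomobject]@{
        Setting = $check.Name
        Current = if ($enabled) { 'Enabled' } else { 'Not configured or disabled' }
        Pass    = $enabled
    }
}

# Code signing: AllSigned requires every script to carry a trusted signature,
# while RemoteSigned only covers scripts downloaded from elsewhere.
$effective = Get-ExecutionPolicy
$results += [pscustomobject]@{
    Setting = 'Execution policy requires signed scripts'
    Current = [string]$effective
    Pass    = ($effective -eq 'AllSigned')
}

$results | Format-Table -AutoSize

# Show which scope sets the policy, so a per-user or per-process override is visible.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

Execution policy is a safeguard rather than a security boundary, so a passing code-signing row does not replace the logging settings or the restriction of PowerShell to the accounts that need it.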
Hodgson Can Help
We can help you monitor and mitigate the risk associated with hackers hijacking your online credentials. While it is impossible to recover data 100% once it has been stolen and sold by cybercriminals, it is possible to help you and your business recover, as well as help prevent you from becoming a recurring target. Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE Cyber Security Risk Assessment and learn more about our Managed Security Service Plans. Contact our office today at 847-906-5005.