In response to reports that an Iranian state-sponsored hacking group has been ‘password-spraying’ U.S. electric utilities for the past year, experts commented below.
Cyber attacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks. We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a doctrinal norm and organizations must ensure they are prepared to defend themselves and not become collateral damage. To protect their networks and consumer data, companies must understand the methods of these types of threats and continuously test the efficacy of their security controls to ensure what they believe to be their security posture is actually true and they’re adequately defended.
The headline here is the malware itself, but it’s important to remember that the point of entry was an unpatched vulnerability. Prevention is the preferred method of malware defense.
It’s likely we’ll see more of this type of state-sponsored activity. I wouldn’t expect this is the last we’ll hear about the Dustman malware.
This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this incident occurred.
The lack of utter devastation this time around should be counted as a major computer defense success. The 2012 Disttrack attack against Saudi Aramco, which devastated that company and put all of Saudi Arabia on its heels for half a year, led to the better, successful defense of Bahrain. The Saudi Aramco attack changed everything for that part of the world. Before the Saudi Aramco attack, Middle East computer security was worse than poor. It was almost non-existent. But losing 32,000 computers, servers and workstations, in one of the world’s first nation-state attacks, and the shutting down of the number one wealth producer for the country has a way of creating focus. Saudi Arabia and its allies, including Bahrain, realized that the status quo wouldn’t work anymore, and they worked very hard to come up to speed. I was working at Microsoft at the time of the Disttrack attack, and Saudi Arabia sent over dozens of IT security envoys to work hand in hand with some of America’s best (and most attacked) companies to learn how to come up to speed with better computer security as quickly as possible. It was a major investment… maybe one of the biggest investments ever in their future. And looking at this latest story, it seems like a success. You can’t stop every attack, but it certainly wasn’t as bad as the past attacks. It was more of a hiccup in the sand this time. Kudos to the Middle East for what they accomplished. There should be at least some smiles and handshakes going on while they are also trying to fix what still went wrong and the lessons learned.
It’s widely known that APTs 33 and 34 are associated with Iranian state-sponsored hackers. The U.S. government has repeatedly warned the private sector about Iranian cybersecurity threats, specifically regarding their go-to access methods – phishing attacks and password spraying.
No one should be surprised by this, and something as basic as rejecting frequently used or known breached passwords is an easy security problem to resolve. Given the continued threat notifications by the USG (United States Government) and others, this should’ve been addressed and remediated long before now. The solution to these attacks is simple: reject commonly used or breached passwords and train users to spot phishing attacks, and you’re ahead of the Iran-based CNA curve.
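As an added illustration of the detection side of the password spraying discussed above (example code, not from the article or any of the quoted experts): a minimal detector run over a constructed authentication log, flagging a source that fails against many distinct accounts only a few times each, which is the pattern per-account lockout thresholds miss. The log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): 198.51.100.7 tries five
# accounts once each; 203.0.113.9 hammers a single account instead.
SAMPLE_LOG = """\
2020-01-10T08:00:01Z auth FAIL user=alice src=198.51.100.7
2020-01-10T08:02:11Z auth FAIL user=bob src=198.51.100.7
2020-01-10T08:04:30Z auth FAIL user=carol src=198.51.100.7
2020-01-10T08:06:45Z auth FAIL user=dave src=198.51.100.7
2020-01-10T08:09:02Z auth FAIL user=erin src=198.51.100.7
2020-01-10T08:12:00Z auth OK user=alice src=192.0.2.44
2020-01-10T08:20:00Z auth FAIL user=grace src=203.0.113.9
2020-01-10T08:20:05Z auth FAIL user=grace src=203.0.113.9
2020-01-10T08:20:10Z auth FAIL user=grace src=203.0.113.9
"""

# Assumed log layout: ISO timestamp, result, user=..., src=...
LINE_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_log(text):
    """Parse log lines into dicts with a datetime timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {src: sorted accounts} for sources whose failures inside one window
    touch >= min_accounts distinct accounts with <= max_per_account tries each."""
    fails = defaultdict(list)
    for ev in events:
        if ev["result"] == "FAIL":
            fails[ev["src"]].append(ev)
    alerts = {}
    for src, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window start over each failure
            per_user = defaultdict(int)
            for ev in evs[i:]:
                if ev["ts"] - first["ts"] > window:
                    break
                per_user[ev["user"]] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts[src] = sorted(per_user)
                break
    return alerts
```

Pairing this with a denylist of commonly used and breached passwords at the credential-policy layer addresses both halves of the advice above: the spray is detected, and the passwords it guesses are rejected before they ever succeed.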
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.