Expert Comments

EXPERT COMMENTS: Iranian Hackers Have Been ‘Password-Spraying’ US Electric Utilities

Expert(s): Security Experts
Expert(s): Security Experts

In response to reports that an Iranian state-sponsored hacking group has been ‘password-spraying’ U.S. electric utilities for the past year, experts commented below.

Experts Comments

Dot Your Expert Comments
Rosa Smothers
January 10, 2020
SVP of Cyber Operations
KnowBe4

The U.S. government has repeatedly warned the private sector about Iranian cybersecurity threats.
It's widely known that APTs 33 and 34 are associated with Iranian state sponsored hackers. The U.S. government has repeatedly warned the private sector about Iranian cybersecurity threats, specifically regarding their go-to access methods - phishing attacks and password spraying. No one should be surprised by this, and something as basic as rejecting frequently used or known breached passwords are an easy security problem to resolve. Given the continued threat notifications by USG (United.....Read More
It's widely known that APTs 33 and 34 are associated with Iranian state sponsored hackers. The U.S. government has repeatedly warned the private sector about Iranian cybersecurity threats, specifically regarding their go-to access methods - phishing attacks and password spraying. No one should be surprised by this, and something as basic as rejecting frequently used or known breached passwords are an easy security problem to resolve. Given the continued threat notifications by USG (United States Government) and others, this should've been addressed and remediated long before now. The solution to these attacks are simple: reject commonly used or breached passwords and train users to spot phishing attacks and you're ahead of the Iran-based CNA curve.  Read Less
Chris Kennedy
January 10, 2020
CISO and VP of Customer Success
AttackIQ

Iran has a well-funded and state-supported offensive cyber capability.
Cyber attacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks. We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a .....Read More
Cyber attacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks. We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a doctrinal norm and organizations must ensure they are prepared to defend themselves and not collateral damage. To protect their networks and consumer data, companies must understand the methods of these types of threats and continuously test the efficacy of their security controls to ensure what they believe to be their security posture is actually true and they’re adequately defended.  Read Less
Tim Erlin
January 10, 2020
VP of Product Management and Strategy
Tripwire

Prevention is the preferred method of malware defense.
The headline here is the malware itself, but it’s important to remember that the point of entry was an unpatched vulnerability. Prevention is the preferred method of malware defense. It’s likely we’ll see more of this type of state-sponsored activity. I wouldn’t expect this is the last we’ll hear about the Dustman malware. This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this.....Read More
The headline here is the malware itself, but it’s important to remember that the point of entry was an unpatched vulnerability. Prevention is the preferred method of malware defense. It’s likely we’ll see more of this type of state-sponsored activity. I wouldn’t expect this is the last we’ll hear about the Dustman malware. This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this incident occurred.  Read Less
Roger A. Grimes
January 10, 2020
Data-Driven Defense Evangelist
KnowBe4

Before the Saudi Aramco attack, Middle East computer security was worse than poor.
The lack of utter devastation this time around should be counted as a major computer defense success. The 2012 Disttrack attack against Saudi Aramco, which devastated that company and put all of Saudi Arabia on it’s heels for half a year, led to the better successful defense of Bahrain. The Saudi Aramco attack changed everything for that part of the world. Before the Saudi Aramco attack, Middle East computer security was worse than poor. It was almost non-existent. But losing 32,000.....Read More
The lack of utter devastation this time around should be counted as a major computer defense success. The 2012 Disttrack attack against Saudi Aramco, which devastated that company and put all of Saudi Arabia on it’s heels for half a year, led to the better successful defense of Bahrain. The Saudi Aramco attack changed everything for that part of the world. Before the Saudi Aramco attack, Middle East computer security was worse than poor. It was almost non-existent. But losing 32,000 computers, servers and workstations, in one of the world’s first nation-state attacks and the shutting down of the number one wealth producer for the country has a way of creating focus. Saudi Arabia and its allies, including Bahrain, realized that status quo wouldn’t work anymore, and they worked very hard to come up to speed. I was working at Microsoft at the time of the Disstrack attack and Saudi Arabia sent over dozens of IT security envoys to work hand and hand with some of America’s best (and most attacked) companies to learn how to come up to speed with better computer security as quickly as possible. It was a major investment…maybe one of the biggest investments ever in their future. And looking at this latest story, it seems like a success. You can’t stop every attack, but it certainly wasn’t as bad as the past attacks. It was more of a hiccup in the sand this time. Kudos to the Middle East for what they accomplished. There should be at least some smiles and handshakes going on while they are also trying to fix what still went wrong and the lessons learned.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake App Attacks On The Rise, As Malware Hides In...

Expert On Study That Brits Using Pets’ Names As Online...

Expert Reaction On Europol Publishes Its Serious And Organised Crime...

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April