In response to US actions against Iran and the potential for escalation on the cyber front, three KnowBe4 cybersecurity experts with strong defense and national security backgrounds offer perspective.

Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.
While the USA is always a target to nation states, organizations should be aware of a potential targeted cyber attack due to the recent actions by the US government. Organizations will want to be on alert, but not to panic. There have been no attributed attacks as of yet and while the USA is always under a cyber attack, there is a need for additional monitoring and awareness within their networks.
Respectively, organizations having a robust security program should already be actively monitoring for unusual activity. They want to be vigilant to remote access connections by making sure all supply chain access is monitored, authorized and considered valid. It’s important for organizations to alert their human firewalls with training and education about potential attacks and a strong awareness of potential spear phishing attacks.
The US has seen attacks from various nation states on critical infrastructure networks in the past, like water, energy, transportation and healthcare organizations, and they will want to be alert to the potential impact and take the appropriate actions.
Modern military actions and warfare have transcended from purely kinetic attacks to hybrid cyber and kinetic attacks. It’s reasonable to expect that there will be a response on the cyber side, especially given Iran’s advanced capabilities in the space. There is the possibility they already have access to systems as part of their APT groups and may leverage these at any time with attacks on the public and private sectors.
We can also expect that non-Iranian attackers will use the emotional tensions around the situation to craft phishing attacks designed to install malware or steal credentials. This is often the case around emotionally charged situations such as this.
We know APTs 33 and 34 are associated with Iranian state-sponsored hackers. Every company in the SCADA and ICS space should already be proactive in safeguarding against these (and other) APTs; if we’re doing our jobs right, then admins aren’t in a state of emergency right now over the potential of Iranian implants lying dormant on our networks. It’s also important to keep in mind US CERT’s ongoing bulletins regarding Iranian cybersecurity threats, which consistently warn industry as to their go-to access methods – phishing attacks and password spraying. Critical infrastructure must remain vigilant and utilize security solutions such as air gapping, deploying endpoint protections and training employees to spot and report social engineering and potential insider threats.