Bekker's Blog

Blog archive

Feds Warn of Potential Iranian Cyberattacks

The U.S. agency in charge of cybersecurity is urging organizations in the United States to prepare for potential attacks from Iran in response to the American drone killing of General Qassim Suleimani.

The Cybersecurity and Infrastructure Security Agency (CISA) issued its warning, "Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad," on Monday afternoon. CISA is a federal agency created in 2018 to coordinate with other government entities and the private sector on cybersecurity and critical infrastructure protection.

The drone attack as Suleimani was visiting Baghdad last week is widely expected to prompt counterattacks of some sort from Iran, with Iranian leaders vowing as much in recent days. One of the most rapid ways that Iran can respond is through attacks on computer systems of U.S. businesses and government agencies.

"Iran has a history of leveraging asymmetric tactics to pursue national interests beyond its conventional capabilities," the CISA alert said. "More recently, its use of offensive cyber operations is an extension of that doctrine. Iran has exercised its increasingly sophisticated capabilities to suppress both social and political perspectives deemed dangerous to Iran and to harm regional and international opponents."

A site defacement already occurred over the weekend, when the Web site for the U.S. Federal Depository Library Program was replaced with an image of a bloodied President Trump being punched in the face. Text in English across the bottom of the page read, "Hacked by Iran Cyber Security Group HackerS ... ;)". A CISA spokesperson told the Washington Post that the attacker used a misconfiguration within the content management system to effect the defacement, and that CISA was unable to provide confirmation that the attack had any actual link to Iran.

In a primer section of its alert, CISA recommended that organizations "adopt a state of heightened awareness," "increase organizational vigilance," "confirm reporting processes" and "exercise organizational incident response plans." The document also details mitigation and detection recommendations for advanced persistent threat techniques that Iranian state-sponsored actors are believed to have used in the past, such as spearphishing, credential dumping and attacks involving PowerShell or scripting.

The full alert is available here.

Posted by Scott Bekker on January 06, 2020 at 11:20 AM


Featured

  • Report: U.S. Web Sites Not Protecting Your Private Data

    According to a study announced Friday by privacy compliance solutions vendor Zendata, many Web sites were found to have woeful data protection practices in place.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Azure Sphere OS Version 22.01 No Longer Happening

    Microsoft will no longer be releasing its previously announced Azure Sphere version 22.01 operating system, the company announced on Wednesday.

  • Is Microsoft's Free Windows 11 Upgrade Offer Coming to an End?

    Microsoft may be alluding to the end of the free Windows 11 upgrade for Windows 10 users.