Following the recent U.S. operation in Iraq that resulted in the killing of Iranian General Qassem Soleimani, Iran warned that it will retaliate. Although the international community and both countries involved have taken steps to de-escalate the crisis, it is always prudent to stay alert and continually update your cybersecurity programs, regardless of whether the opponent is a state actor or just a common cybercriminal.

That is the key message of two security bulletins issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the DHS National Terrorism Advisory System.

More specifically, CISA recommends that organizations adopt a state of heightened awareness, increase organizational vigilance, confirm reporting processes, and exercise organizational incident response plans. At the same time, DHS recommends that organizations be prepared for cyber disruptions, suspicious emails, and network delays and that they implement basic cyber hygiene practices.

Background Information on Iranian Cyber Activity

DHS notes that “at this time we have no information indicating a specific, credible threat to the Homeland.” However, “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” states the DHS security bulletin.

Further, CISA states that Iran continues “to engage in more ‘conventional’ activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), but they have also demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks.”

Offensive cyber operations targeting a variety of industries and organizations, including financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base, have been attributed or allegedly attributed to the Iranian government, says the CISA alert bulletin. As outlined in the bulletin, the most notable high-profile attacks attributed to