The U.S. Department of Homeland Security warned of cyberattacks from Iran and urged U.S.-based companies to take protective measures to prevent hackers from using data-wiping malware, credential stuffing attacks, password spraying and spear phishing.
Businesses in the industrial sector, including oil and gas companies, and in the financial industry are most likely to be targeted in the wake of the raging cyber conflict, some experts said.
The warning was sent in a tweet posted by the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Christopher Krebs. According to reports from multiple sources, the U.S. has responded to the Iranian cyberattacks with counterattacks of its own.
The CISA director also suggested U.S. companies protect themselves from the most common attacks seen from Iran, including destructive ‘wiper’ attacks. A wiper attack involves wiping, overwriting and removing data from the victim’s systems. Unlike typical cyberattacks, which tend to be for monetary gain, wiper attacks are destructive in nature and often do not involve a ransom.
“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. Iranian regime actors and proxies are increasingly using destructive “wiper” attacks, looking to do much more than just steal data and money,” the CISA Statement on Iranian cybersecurity threats said.
In times such as these it remains important to make sure companies shore up their basic defenses, like using multi-factor authentication. If any incidents are suspected, they should be taken seriously and swift action should be taken, the statement suggested.
Common tactics like spear phishing, password spraying, and credential stuffing are being used to target companies. Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information. Similarly, password spraying is an attack that attempts to access a large number of accounts and usernames with a few commonly used passwords.
Credential stuffing is a type of cyberattack where stolen account credentials, typically consisting of lists of usernames and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. The attacker automates the logins for thousands to millions of previously discovered credential pairs using standard web automation tools.
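Defenders can tell the two apart in failed-login logs by how many distinct passwords a single source tries across many accounts. The sketch below is an added example, not part of the CISA statement or the original article; the log fields (including `pw_fp`, assumed to be a keyed hash of the attempted password recorded by the login service), the thresholds and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values, not taken from the article or from CISA guidance.
WINDOW = timedelta(minutes=10)   # sliding window per source
MIN_USERS = 5                    # distinct accounts one source must fail against
MAX_SPRAY_PASSWORDS = 2          # "a few commonly used passwords"

def classify_sources(events):
    """events: (iso_ts, source_ip, username, pw_fp, success). Returns {source_ip: verdict}."""
    by_src = defaultdict(list)
    for ts, src, user, pw_fp, ok in events:
        if not ok:  # only failed logins are evidence here
            by_src[src].append((datetime.fromisoformat(ts), user, pw_fp))
    verdicts = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            window = fails[start:end + 1]
            users = {u for _, u, _ in window}
            if len(users) >= MIN_USERS:
                pws = {p for _, _, p in window}
                if len(pws) <= MAX_SPRAY_PASSWORDS:
                    verdicts[src] = "password_spraying"    # few passwords, many accounts
                elif len(pws) >= len(users):
                    verdicts[src] = "credential_stuffing"  # one password per account (pairs)
                else:
                    verdicts[src] = "unclassified_multi_account"
                break
    return verdicts

def sample_events():
    """Constructed log lines using documentation IP ranges; not real data."""
    rows = []
    for i in range(6):
        rows.append((f"2024-01-01T09:0{i}:00", "203.0.113.10", f"user{i}", "fp-A", False))
        rows.append((f"2024-01-01T09:00:0{i}", "198.51.100.7", f"leak{i}", f"fp-{i}", False))
    # One employee mistyping their own password, then succeeding: must not be flagged.
    rows += [("2024-01-01T09:01:00", "192.0.2.50", "alice", f"fp-x{i}", False) for i in range(3)]
    rows.append(("2024-01-01T09:02:00", "192.0.2.50", "alice", "fp-ok", True))
    return rows

if __name__ == "__main__":
    for src, verdict in classify_sources(sample_events()).items():
        print(src, verdict)
```

Either verdict should be treated as an account-compromise lead and paired with the multi-factor authentication the statement recommends, since a single successful login in the same window is what turns the noise into an incident.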
Since these attacks could take anyone by surprise, it remains important to stay informed and vigilant about the types of links and software that companies and their employees use.
“What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” the press statement on the U.S. Homeland Security website added.
These attacks are not unprecedented either: hackers from Iran attempted to wipe U.S. companies in 2014 and 2016, with an attack on a Las Vegas casino’s computers being the most significant among them.
Any U.S.-based company that has relevant information or suspects a compromise should contact CISA at NCCICCUSTOMERSERVICE@hq.dhs.gov