Sophos Shares Guidance on Iranian Cyberthreat Topics

Sophos Shares Guidance on Iranian Cyberthreat Topics

The US Homeland Department had issued a security alert over the weekend, warning of possible acts of terrorism and cyber-attacks that could be carried out by Iran following the killing of a top general by the US military. While Iran has been actively participating in attacks against the United States and other western nations, the attacks are expected to increase in intensity. In addition, the attacks will be focused on creating chaos as much trying to gather information.

The DHS said that Iran maintains a robust cyber program and can execute cyber-attacks against the United States. They include discussions of the Iranian threat profile and activity, the potential for Iranian cyber response and warnings about increased focus on industrial control systems.

Principal Research Scientist Chester Wisniewski examines common attack patterns used by the Islamic Revolutionary Guard Corps (IRGC) – including wiper attacks as a form of retaliation – and shares security recommendations:

“When facing a human adversary, especially one who has the support of a nation-state, one must be prepared for anything.

The tools, tactics and procedures being utilized by the IRGC are remarkably similar to those used by conventional cybercrooks. Their goals might be different, million-dollar ransoms and your customers’ credit card data, instead of international drama and revenge, but the methods barely vary.

 The disruption phase usually involves a wiper, a dual purpose tool to both cover their tracks and to disable and disrupt the target’s ability to operate. To protect against this type of sophisticated attack, we recommend the following:

  • Patching – Eliminate known vulnerabilities and inventory of software assets and versions
  • Phishing awareness training – Educate users to follow their gut and on the increasing sophistication of malicious email
  • Credential hardening – Test your user database against known breached passwords and providing tools for secure password management
  • Multi-factor authentication (MFA) – Require MFA for remote access and other frequently abused services
  • Application control – Watch for unauthorized use of legitimate tools
  • Advanced anti-malware tools – Defend against unknown variations of known malware and exploits against zero day and unpatched vulnerabilities”

Two additional advisories provide guidance on compiling threat intelligence to hunt for Iranian cyber threats and applying intelligence to Iranian attack risk. According to Senior Director of Managed Threat Response J.J. Thompson:

“Iran is a worthy adversary. Organizations should immediately enhance prevention, detection and response capabilities to comprehensively address advanced attacks.”

“Fusion of applied threat intelligence data derived from open sourced intelligence on adversary methods and tactics can be used to supplement countermeasures.”

“With geopolitical events changing daily, discussions and questions about threat intelligence and strategies for defending against possible cyberattacks from Iran are front and center. It’s important to understand and communicate the limitations of any threat intelligence information you communicate to stakeholders, as these limitations can affect the conclusions you might reach. Some factors include your confidence in the sources, the completeness of the information, the age of the information artifacts, the investigative method used to produce that threat intelligence, interpretations of the meaning of the threat intelligence, and qualifying the conclusions.”

For additional information, please reference the advisories:

Related Stories

No stories found.
logo
DIGITAL TERMINAL
digitalterminal.in