Cyber Threat Advisory: Iranian Cybersecurity Threats

Date: 24 June 2019

TLP:WHITE

1.    Description

On 24 June 2019, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) sent out a warning about increased threat activity from Iranian actors targeting industries and government agencies in the United States.¹ The report did not list all of the tactics the actors used, however it did state that actors have used wiper attacks more frequently. Actors use wiper attacks to delete information from a network.

2.    Prevention and Mitigation

Neither DHS nor CISA provided any additional information about the actor(s) targeting the US, their campaigns, or the malware they distributed. They did share that the attackers employed tactics such as spear phishing, password spraying, and credential stuffing.^{2 3} The report recommends that organizations should implement two-factor authentication to help prevent these types of attacks.

Due to the targeted nature of these attacks Infoblox recommends taking the following precautions to further reduce the risk of a successful attack:

1. Regularly train users to be aware of potential phishing efforts and how to handle them appropriately.
2. Be cautious of emails from unfamiliar senders and do not open unexpected attachments before inspecting them.
3. Require strong passwords from users.
4. Require password changes after a certain period of time (e.g.: quarterly).

Endnotes

1. https://www.us-cert.gov/ncas/current-activity/2019/06/24/CISA-Statement-Iranian-Cybersecurity-Threats
2. https://resources.infosecinstitute.com/password-spraying/
3. https://www.owasp.org/index.php/Credential_stuffing