
Prepare for heightened risk of Iranian cyberattacks
Information security officials warn of potential threats from nation-state bad actors
KEY POINTS
- Heightened threats: Following recent military strikes, U.S. companies face increased risk of Iranian state-sponsored cyberattacks.
- Proactive measures: Implement multifactor authentication, strong passwords and employee training to strengthen cybersecurity resilience.
- Supply chain security: Evaluate and secure your supply chain to prevent breaches through compromised third-party software.
 
Following last weekend’s American military strikes in Iran, the Department of Homeland Security has issued a warning for companies to be vigilant in defending their information security systems and infrastructure. The warning says "low-level cyberattacks against U.S. networks by pro-Iranian 'hacktivists' are likely" with a particular focus on "poorly secured U.S. networks and internet-connected devices."
The Cybersecurity and Infrastructure Security Agency (CISA) has urged companies to improve resilience against nation-state cyber threats by proactively assessing their cyber preparedness, enhancing defenses, monitoring suspicious activity, and educating employees on reporting suspicious emails and links.
“It is important to be on the lookout for retaliation through cyberattacks directed at U.S. critical infrastructure and organizations,” said Paul Tucker, chief information security officer at BOK Financial®.
Cybersecurity experts have identified multiple distinct Iranian state-sponsored groups, pro-Iran hacktivists and financially motivated cybercriminals that have historically targeted U.S. organizations during periods of heightened conflict. Preparedness is crucial, because attacks aimed at other countries, such as Israel, can indirectly affect U.S. companies through interconnected networks and shared service providers.
Historically, Iranian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics to gain initial access to target networks, including:
- Spear phishing: Emails tailored to a specific individual so that they appear to come from one of your providers or vendors.
- Brute force: Trial-and-error guessing of passwords, login credentials and encryption keys, often automated against exposed login services.
- Exploiting known vulnerabilities: Attacking unpatched systems, exposed accounts and networks with weak security controls.
 
Recent Iranian state-sponsored activity has included malicious cyber activity against operational technology devices by APT actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps (IRGC). The following actions are key to strengthening operational resilience against this threat:
- Implement multifactor authentication for all accounts, especially privileged ones.
- Use strong, unique passwords.
- Establish account lockout policies that take effect after a limited number of failed login attempts.
- Check systems for default passwords still in use, particularly on internet-connected and operational technology devices.
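
The brute-force tactic described above and the lockout recommendation in this list are two sides of the same control. The following is an added example, not code from the article, BOK Financial or CISA: it parses a few constructed sshd-style authentication lines, simulates an account lockout policy (the thresholds of five failures within ten minutes and a fifteen-minute lockout are hypothetical choices, not a published standard), and flags source addresses that fail against several different accounts, which is the pattern password spraying leaves behind. The log format and all IP addresses and usernames are constructed for illustration.

```python
"""Account-lockout policy and brute-force detection over constructed auth events.

Added example (not from the original article). Log format, thresholds and
sample lines are constructed/hypothetical to illustrate the recommendation.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines (not real log data). The first six show a
# brute-force run that eventually guesses the right password; the next three
# show one source trying several accounts (password spraying).
SAMPLE_LOG = """\
2024-06-23T02:00:01 sshd[101]: Failed password for admin from 203.0.113.7 port 4001
2024-06-23T02:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 4002
2024-06-23T02:00:05 sshd[101]: Failed password for admin from 203.0.113.7 port 4003
2024-06-23T02:00:07 sshd[101]: Failed password for admin from 203.0.113.7 port 4004
2024-06-23T02:00:09 sshd[101]: Failed password for admin from 203.0.113.7 port 4005
2024-06-23T02:00:11 sshd[101]: Accepted password for admin from 203.0.113.7 port 4006
2024-06-23T02:01:00 sshd[102]: Failed password for alice from 203.0.113.7 port 4007
2024-06-23T02:01:01 sshd[102]: Failed password for bob from 203.0.113.7 port 4008
2024-06-23T02:01:02 sshd[102]: Failed password for carol from 203.0.113.7 port 4009
2024-06-23T02:05:00 sshd[103]: Failed password for dave from 198.51.100.4 port 5000
2024-06-23T02:30:00 sshd[104]: Failed password for dave from 198.51.100.4 port 5001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(log_text):
    """Turn matching log lines into event dicts; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def apply_lockout(events, threshold=5, window=timedelta(minutes=10),
                  lockout=timedelta(minutes=15)):
    """Replay events under a lockout policy and return (ts, user, action) tuples.

    Actions: 'failed', 'accepted', 'locked' (threshold reached within the
    window) and 'rejected_locked' (any attempt, even with the correct
    password, while the account is locked).
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked_until = {}               # user -> datetime the lock expires
    decisions = []
    for e in events:
        user, ts = e["user"], e["ts"]
        until = locked_until.get(user)
        if until is not None and ts < until:
            decisions.append((ts, user, "rejected_locked"))
            continue
        if e["ok"]:
            failures[user].clear()  # a real login resets the failure counter
            decisions.append((ts, user, "accepted"))
            continue
        q = failures[user]
        q.append(ts)
        while q and ts - q[0] > window:  # keep only failures inside the window
            q.popleft()
        if len(q) >= threshold:
            locked_until[user] = ts + lockout
            q.clear()
            decisions.append((ts, user, "locked"))
        else:
            decisions.append((ts, user, "failed"))
    return decisions


def spraying_sources(events, min_accounts=3):
    """Source IPs whose failures span at least min_accounts distinct users."""
    per_ip = defaultdict(set)
    for e in events:
        if not e["ok"]:
            per_ip[e["ip"]].add(e["user"])
    return {ip: sorted(users) for ip, users in per_ip.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ts, user, action in apply_lockout(evs):
        print(ts.isoformat(), user, action)
    print("spraying sources:", spraying_sources(evs))
```

Replaying the constructed lines shows why the lockout bullet matters: the fifth failure against `admin` locks the account, so the correct guess two seconds later is rejected instead of accepted. The spraying check catches the case a per-account lockout misses, a single source making one or two attempts against many accounts.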
 
"Businesses and local municipalities should remain vigilant to Iranian threats and remind employees to stay alert," emphasized Tucker. "Cybersecurity today means protecting what we cannot see, in places we cannot reach. The best defense against attacks is preventing them."
Be proactive
The heightened risk of attacks also serves as a reminder of cybersecurity best practices. CISA's checklist for organizations of all sizes provides guidance on preparation, detection and response if an intrusion occurs.
"In today's changing landscape, businesses must make sure their employees are well trained and alert to cyberattacks, especially phishing attacks," Tucker said.
"It's imperative that employees take a moment to verify emails before interacting with them and report suspicious activity. A single click can have far-reaching consequences." - Paul Tucker, chief information security officer at BOK Financial
But it's more than just monitoring emails. Preventative measures also include:
- Be prepared. Make sure you have an incident response plan and a business continuity plan, and test both routinely so you are ready if ransomware strikes.
- Minimize your attack surface. Keep systems and software up to date, remediate known vulnerabilities (CISA's free tools and services can help if needed) and enforce multifactor authentication for remote access.
- Evaluate the security of your supply chain. Threat actors have gained initial access to victim organizations by compromising trusted third-party software.
- Increase employee awareness. Cybersecurity awareness training plays a crucial role in preventing cyberattacks of any kind, especially phishing attacks and password compromises.
- Vet your suppliers. Make certain your critical vendors have strong security measures and contingency plans to ensure continued service if an incident occurs.
- Monitor CISA guidance. The Shields Up site provides guidelines for companies of all sizes plus detailed recommendations for business leaders.
 
"Being prepared, having a cybersecurity playbook and strong programs, and investing in educating employees about the importance of cybersecurity will go a long way toward protecting your business and your customers," Tucker said.