Today the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of potential cyber attacks by Iran in response to the current tensions between the Islamic Republic of Iran and the United States. It is noted in the alert that Iran has historically used cyber attacks to retaliate when they believe they have been wronged.
What Does This Alert Mean?
In recent history, Iran has used various cyber tactics to attack financial institutions, energy companies, government facilities, healthcare entities and even the defense industrial base. Because of their increasingly sophisticated capabilities in the cybersecurity arena, CISA has warned businesses, governments and others to remain vigilant and at high alert for potential cyber attacks. To that end, CISA recommends two courses of action: vulnerability mitigation and incident preparation.
What Can I Do To Protect My Business?
CISA recommends the following:
- "Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
- Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email or other mechanisms.
- Patch externally facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on external facing equipment.
- Log and limit usage of PowerShell. Limit the usage of PowerShell to only the users and accounts that require it, enable code signing of PowerShell scripts and enable logging of all PowerShell commands.
- Ensure all backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network."
In order to protect your business, it is important to ensure that your IT Department or Managed IT Provider is at a heightened state of awareness. Stay alert for phishing or security-related events. This can include but is not limited to:
- Requests by third parties for Personal Identifiable Information not normally required for day-to-day business activities
- Requests for username and password credentials for your work environment
- Requests for customer information outside of normal day-to-day requirements
- Requests for remote access or shared access to systems from sources other than your IT department or verified Managed IT Provider
If you experience any of these happenings, you should immediately contact your IT department or your Managed IT Service Provider. Fraser's Managed IT Services Group works with hundreds of customers to improve network safety and data protection for their businesses. If you believe that your business has been compromised in a cyber attack, it is important to contact your local authorities who can provide you with guidance on next steps.