This is a developing story. Check back for our full series of posts that will cover the many ways to strengthen cybersecurity defenses.
Notice of elevated cyberattack activity
On June 22, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a statement warning U.S. organizations of a noticeable rise in cyberattack activity against U.S. industries and governments as a result of the escalating tensions with Iran. Iran is considered to be one of the top three most capable and active cyberactors targeting both public and private sectors, and it has been linked to previous widespread attacks.
Types of attacks U.S. organizations should look for
The statement asserts that “Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money.” These attacks can lead to a complete loss of network and data. The statement further suggests that the wiper attacks “are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
What to do in the event of an attack
Any organization that suspects it has been compromised should follow an incident response plan. In addition, CISA is asking that attacks and breach activity be reported using this email: NCCICCUSTOMERSERVICE@hq.dhs.gov.
How you can protect against cyberattacks
Read more on Cybersecurity Watch about how to strengthen your organization’s defenses:
- Identify weaknesses in your organization, and develop a road map for remediation with a cybersecurity assessment.
- Secure your organization’s cybersecurity defenses with a managed detection and response service.
- Investigate breaches and execute well-planned responses to limit damage.
- Implement an incident response program and test preparedness through tabletop exercises that emulate real threats.
Please contact Troy La Huis at +1 616 233 5571 or troy.lahuis@crowe.com if you have any questions about the CISA statement.