CISA Statement on Potential Increase in Cyberattacks From Iran

Troy La Huis 
| 6/28/2019
CISA Statement on Potential Increase in Cyberattacks From Iran

This is a developing story. Check back for our full series of posts that will cover the many ways to strengthen cybersecurity defenses.

Notice of elevated cyberattack activity

On June 22, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a statement warning U.S. organizations of a noticeable rise in cyberattack activity against U.S. industries and governments as a result of the escalating tensions with Iran. Iran is considered to be one of the top three most capable and active cyberactors targeting both public and private sectors, and it has been linked to previous widespread attacks.

Types of attacks U.S. organizations should look for

The statement asserts that “Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money.” These attacks can lead to a complete loss of network and data. The statement further suggests that the wiper attacks “are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

What to do in the event of an attack

Any organization that suspects it has been compromised should follow an incident response plan. In addition, CISA is asking that attacks and breach activity be reported using this email: NCCICCUSTOMERSERVICE@hq.dhs.gov.

How you can protect against cyberattacks

Read more on Cybersecurity Watch about how to strengthen your organization’s defenses:

Please contact Troy La Huis at +1 616 233 5571 or troy.lahuis@crowe.com if you have any questions about the CISA statement.

Stay informed on the latest in cybersecurity