Recent tensions between the United States and Iran have created a need to step up your cybersecurity precautions in response to cyber warnings about Iran.
Cyber Warnings from Iran
There are certain threat actor groups associated with or backed by Iran that may be committed to carrying out a “proxy war” via cyber-attack. This would allow Iran to retaliate against perceived US aggression without incurring the same penalties as explicit military action.
These threat actors are fluent in the full range of tools and attack methodologies available to them. These groups are interested in critical infrastructure and will use everything from commodity malware to highly evasive and destructive wipers and other tools.
These cyber warnings from Iran are real. Organizations should take all the precautions necessary to prevent damage caused by cyber warfare.
Our partners at SentinelOne recently issued a statement with the following actions that you can take today.
At this time, we have no information indicating a specific, credible threat to U.S. organizations; however, given the current climate, it’s an apt time to fortify defenses. We encourage organizations to consider the following recommendations:
- Disable unnecessary ports and protocols. A review of your network security device logs should help you determine which ports and protocols are exposed but not needed. For those that are, monitor these for suspicious, ‘command & control’-like activity.
- Log and limit the use of PowerShell. If a user or account does not need PowerShell, disable it via the Group Policy Editor. For those that do, enable code signing of PowerShell scripts, log all PowerShell commands and turn on ‘Script Block Logging’. Learn more from Microsoft.
- Set policies to alert on new hosts joining the network. To reduce the possibility of ‘rogue’ devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network.
- Backup now, and test your recovery process for business continuity. It is easy to let backup policies slide, or fail to prove that you can restore in practice. Also, ensure you have redundant backups, ideally using a combination of hot, warm and/or cold sites.
- Step up monitoring of network and email traffic. The most common vectors for intruders are unprotected devices on your network and targeted phishing emails. Follow best practices for restricting attachments via email and other mechanisms and review network signatures.
- Patch externally facing equipment. Attackers actively scan for and will exploit vulnerabilities, particularly those that allow for remote code execution or denial of service attacks.
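As an added example (not from the original post or from SentinelOne's statement), here is how the PowerShell logging and code-signing controls in the list above can be applied on a single host using the same registry-backed policy settings that Group Policy writes, followed by a read-back check; the transcript output directory is an assumed value.

```powershell
# Added example: enable PowerShell Script Block Logging, Module Logging,
# transcription and signed-script enforcement, then verify. Run elevated in
# Windows PowerShell 5.1 or later; the same keys are what a GPO would set.
#Requires -RunAsAdministrator

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $path = Join-Path $policyRoot $SubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Script Block Logging: each script block is recorded as event ID 4104 in
# Microsoft-Windows-PowerShell/Operational, after any on-disk obfuscation is unwrapped.
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# Module Logging for every module: pipeline execution details land in event ID 4103.
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# Transcription: a plain-text record of each session. The directory is an assumption;
# in practice point it at a write-only share that the SIEM collects from.
$transcriptDir = 'C:\PSTranscripts'
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value $transcriptDir -Type 'String'

# Code signing: only scripts signed by a trusted publisher may run on this machine.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# Verification: read the policy back and confirm that 4104 events are being produced.
[pscustomobject]@{
    ScriptBlockLogging = (Get-ItemProperty "$policyRoot\ScriptBlockLogging").EnableScriptBlockLogging
    ModuleLogging      = (Get-ItemProperty "$policyRoot\ModuleLogging").EnableModuleLogging
    Transcription      = (Get-ItemProperty "$policyRoot\Transcription").EnableTranscripting
    ExecutionPolicy    = Get-ExecutionPolicy -Scope LocalMachine
} | Format-List

Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
    -MaxEvents 3 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Snippet'; e = { $_.Message.Substring(0, [Math]::Min(80, $_.Message.Length)) } }
```

The 4104 and 4103 events are only useful if they are forwarded off the host, so pair this with the event collection your SIEM already performs for the Security log.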
Cybersecurity plays a mission-critical role in your organization and society at large, every second of every day. Together we will prevail over those who challenge our security and way of life.
Consider PREtect as a Precautionary Measure
Our highest level of security is PREtect Premium. This service bundles our four most cyber-resilient services:
- Managed SIEM with 24/7 Security Monitoring and Analysis
- Managed Detection and Remediation (MDR)
- Responsive Patch Management
- Real-time Vulnerability Management
Learn more about PREtect here: https://cybriant.com/pretect/
Andrew Hamilton is a member of the executive management team of Cybriant, a leader in the cybersecurity services industry. As CTO he is responsible for the technical vision and the delivery of services at Cybriant. Since the company's founding in 2015, Andrew has led the selection, evaluation, and adoption of all security technology and tools used by Cybriant in delivering its managed security services.