Cyber Warnings from Iran: Action to Take Today


Recent tensions between the United States and Iran have resulted in a need to amplify your cybersecurity precautionary measures regarding cyber warnings from Iran.

Cyber Warnings from Iran

There are certain threat actor groups associated with or backed by Iran that may be committed to carrying out a “proxy war” via cyber-attack. This would allow Iran to retaliate against perceived US aggression without incurring the same penalties as explicit military action.

These threat actors are fluent in the range of tools and attack methodologies available to them. These groups are interested in critical infrastructure and will use everything from commodity malware to highly evasive and destructive wipers and tools.

These cyber warnings from Iran are real. Organizations should take all the precautions necessary to prevent damage caused by cyber warfare.


Our partners at SentinelOne recently issued a statement with the following actions that you can take today.

At this time, we have no information indicating a specific, credible threat to U.S. organizations; however, given the current climate, it’s an apt time to fortify defenses. We encourage organizations to consider the following recommendations:

  1. Disable unnecessary ports and protocols. A review of your network security device logs should help you determine which ports and protocols are exposed but not needed. For those that are, monitor these for suspicious, ‘command & control’-like activity.
  2. Log and limit the use of PowerShell. If a user or account does not need PowerShell, disable it via the Group Policy Editor. For those that do, enable code signing of PowerShell scripts, log all PowerShell commands and turn on ‘Script Block Logging’. Learn more from Microsoft.
  3. Set policies to alert on new hosts joining the network. To reduce the possibility of ‘rogue’ devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network.
  4. Back up now, and test your recovery process for business continuity. It is easy to let backup policies slide, or fail to prove that you can restore in practice. Also, ensure you have redundant backups, ideally using a combination of hot, warm and/or cold sites.
  5. Step up monitoring of network and email traffic. The most common vectors for intruders are unprotected devices on your network and targeted phishing emails. Follow best practices for restricting attachments via email and other mechanisms and review network signatures.
  6. Patch externally facing equipment. Attackers actively scan for and will exploit vulnerabilities, particularly those that allow for remote code execution or denial of service attacks.

Cybersecurity plays a mission-critical role in your organization and society at large, every second of every day. Together we will prevail over those who challenge our security and way of life.
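For recommendation 2 above, the following PowerShell script is an added example (not part of the SentinelOne statement or Cybriant's own tooling) that audits a single Windows host for Script Block Logging and a signed-scripts-only execution policy, and sets the logging value when run with `-Enforce`. The `-Enforce` switch name is an assumption of this example; in a domain, configure the same settings through Group Policy, since a configured policy can overwrite local values on refresh.

```powershell
# Added example: audit (and with -Enforce, set) the local policy value for
# PowerShell Script Block Logging, then report the code-signing posture.
# Run from an elevated prompt; writing under HKLM requires administrator rights.
param([switch]$Enforce)

$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$name = 'EnableScriptBlockLogging'

# 1. Script Block Logging is on when the policy value exists and equals 1.
$item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$current = if ($item) { $item.$name } else { $null }

if ($current -ne 1 -and $Enforce) {
    # Create the key only when it is missing, so an existing key is never recreated.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
    $current = 1
}

# 2. Code signing: AllSigned is the execution policy that requires every
#    script to carry a signature from a trusted publisher.
$policy = Get-ExecutionPolicy

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    ScriptBlockLogging = ($current -eq 1)
    ExecutionPolicy    = $policy
    SignedScriptsOnly  = ($policy -eq 'AllSigned')
}

# 3. Confirm the host is actually recording script blocks: they are written
#    as event ID 4104 to the PowerShell operational log.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id
```

An empty result from the last step on a host where `ScriptBlockLogging` reports `True` means no script block has been logged yet since the setting took effect, or the log has been cleared; forward this log to your SIEM so the record survives on a system the host cannot alter.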



Consider PREtect as a Precautionary Measure

Our highest level of security is PREtect Premium. This service includes our top four most cyber-resilient services:

  • Managed SIEM with 24/7 Security Monitoring and Analysis
  • Managed Detection and Remediation (MDR)
  • Responsive Patch Management
  • Real-time Vulnerability Management

Learn more about PREtect here: https://cybriant.com/pretect/

Andrew Hamilton

CTO

Andrew Hamilton is a member of the executive management team of Cybriant, a leader in the cybersecurity services industry. As CTO he is responsible for the technical vision and the delivery of services at Cybriant. Since its founding in 2015, Andrew has led the selection, evaluation, and adoption of all security technology and tools utilized by Cybriant in the delivery of its managed security services.
