ALERT- Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

The current tension between Iran and the United States is raising concern in many areas of our country’s security. But due to Iran’s history of using cyber offensive activity, our cybersecurity is a huge concern of target.  

In similarity to all cyber criminals, Iranian cyber threat actors are continually improving their cyber attacking capabilities. Iran has a history of leveraging asymmetric tactics to attack national opponents in ways that surpass their conventional capabilities. Iran has actively exercised its highly and continually sophisticated methods and abilities to social and political avenues. They are using cyber-attacks as one of their top methods of harm to regional and international threats and opponents.   

Iran specifically targets any perspectives that are deemed dangerous to them. While no one is immune from these threats, Iran primarily going after organizations in the following industries: 

• Financial Services.
• Healthcare. 
• Critical Manufacturing. 
• Communications. 
• Government Facilities.  
• Chemical. 
• Defense Industrial Base. 

Not only is Iran targeting these industries of their opponents, but the Iranian Government is linked to specific offensive cyber operations in these industries. The Government (CISA) has given steps of actionable technical recommendations that IT providers and professionals can take to reduce their vulnerability, primarily focusing on vulnerability mitigation and incident preparation:

1. Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity. 
2. Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email or other mechanisms. 
3. Patch externally facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment. 
4. Log and limit usage of PowerShell. Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts, and enable logging of all PowerShell commands. 
5. Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network. 

 We are always working to integrate and take steps to help. For instance, we are monitoring backups for customers continually, and reviewing vulnerabilities as we are made aware and working to, scheduling and monitoring patches to the systems. As you can imagine our team is on alert and has a heightened awareness to these potential threats and actively placing priority on the awareness of the situation. If you have any questions on what you can do or any concerns, we encourage you to reach out to us.  

Your happiness is directly tied to the security of your IT systems and therefore the more emphasis and awareness you have on this risk, the better.