
DHS warns of increased Iranian cyberattacks on enterprises

The cyberthreat warning from Christopher Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency, follows escalating tension between Iran and the U.S.

Rising tensions between Iran and the U.S. have put enterprises at increased risk of cyberthreats.

Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), issued a statement over the weekend saying his agency was aware of a recent increase in Iranian cyberattacks from "regime actors and proxies" against both U.S. government agencies and enterprises. Krebs' statement noted the rise in wiper malware threats, which can erase or encrypt an organization's data.

"Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying and credential stuffing," Krebs said in his statement. "What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network."

Past wiper threats include the following:

  • Shamoon, which was linked to Iran following a 2012 attack on Saudi Arabia, erases targeted data and overwrites the master boot record;
  • StoneDrill, which is similar to Shamoon, but also uses detection evasion techniques; and
  • NotPetya, a ransomware variant used by suspected Russian threat actors to encrypt organizations' data without seeking ransom payments.

Krebs' warning urged organizations to shore up "basic defenses," like multifactor authentication. He also tweeted additional CISA security tips for enterprises, including storing data on separate, non-networked backups to mitigate ransomware or wiper attacks.
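Krebs names spear phishing, password spraying and credential stuffing as the usual entry points, and warns that an account compromise can precede a network-wide wiper incident. The following Python script is an added example, not part of the article or of any CISA guidance, showing how a defender can pick those two authentication-abuse patterns out of a login log and then check whether a flagged source went on to log in successfully. The log format (`src=… user=… result=OK|FAIL`), the sample lines and the thresholds are all constructed for illustration.

```python
"""Spot password spraying and credential stuffing in authentication logs.

Heuristics used here (constructed for this example, tune for your own data):
  * password spraying: one source fails against many accounts, few tries each
  * credential stuffing: many sources with only failures, each touching one or
    two accounts, collectively covering many accounts
  * follow-up: any successful login from a source flagged for spraying is a
    likely compromised account
"""
import re
from collections import defaultdict

# Constructed sample log; the format and every value are invented for this example.
SAMPLE_LOG = """\
2019-06-24T08:00:01Z src=203.0.113.10 user=alice result=FAIL
2019-06-24T08:00:02Z src=203.0.113.10 user=bob result=FAIL
2019-06-24T08:00:03Z src=203.0.113.10 user=carol result=FAIL
2019-06-24T08:00:04Z src=203.0.113.10 user=dave result=FAIL
2019-06-24T08:00:05Z src=203.0.113.10 user=erin result=FAIL
2019-06-24T08:00:06Z src=203.0.113.10 user=frank result=FAIL
2019-06-24T08:30:00Z src=203.0.113.10 user=frank result=OK
2019-06-24T09:00:00Z src=198.51.100.7 user=alice result=FAIL
2019-06-24T09:00:10Z src=198.51.100.7 user=alice result=FAIL
2019-06-24T09:00:20Z src=198.51.100.7 user=alice result=FAIL
2019-06-24T09:00:30Z src=198.51.100.7 user=alice result=OK
2019-06-24T10:00:00Z src=192.0.2.11 user=gina result=FAIL
2019-06-24T10:00:01Z src=192.0.2.12 user=hank result=FAIL
2019-06-24T10:00:02Z src=192.0.2.13 user=ivy result=FAIL
2019-06-24T10:00:03Z src=192.0.2.14 user=jack result=FAIL
2019-06-24T10:00:04Z src=192.0.2.15 user=kim result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_auth_log(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_password_spraying(events, min_users=5, max_per_user=2):
    """Return {src: sorted accounts} for sources whose failures touch at least
    min_users distinct accounts while hitting no single account more than
    max_per_user times (the low-and-slow signature of a spray)."""
    fails = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]][e["user"]] += 1
    flagged = {}
    for src, per_user in fails.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            flagged[src] = sorted(per_user)
    return flagged


def detect_credential_stuffing(events, min_sources=5, min_users=5, max_per_source=2):
    """Flag a distributed pattern: many sources that never succeed, each trying
    at most max_per_source accounts, together covering at least min_users.
    Returns {"sources": [...], "users": [...]} or None."""
    users_by_src = defaultdict(set)
    succeeded = set()
    for e in events:
        if e["result"] == "FAIL":
            users_by_src[e["src"]].add(e["user"])
        else:
            succeeded.add(e["src"])
    # A source that also logged in successfully is more likely a real user mistyping.
    low_volume = {s: u for s, u in users_by_src.items()
                  if s not in succeeded and len(u) <= max_per_source}
    users = set().union(*low_volume.values()) if low_volume else set()
    if len(low_volume) >= min_sources and len(users) >= min_users:
        return {"sources": sorted(low_volume), "users": sorted(users)}
    return None


def successes_from_flagged_sources(events, flagged):
    """Map each flagged source to the accounts it later logged into successfully:
    the 'account compromise' stage Krebs describes, worth an immediate reset."""
    hits = defaultdict(set)
    for e in events:
        if e["result"] == "OK" and e["src"] in flagged:
            hits[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in hits.items()}


if __name__ == "__main__":
    evts = parse_auth_log(SAMPLE_LOG)
    spray = detect_password_spraying(evts)
    print("password spraying:", spray)
    print("credential stuffing:", detect_credential_stuffing(evts))
    print("compromised after spray:", successes_from_flagged_sources(evts, spray))
```

On the constructed sample the spray detector flags `203.0.113.10` (six accounts, one attempt each) and the follow-up check reports that the same source then logged in as `frank`; the benign user at `198.51.100.7` who mistyped a password three times is not flagged by either heuristic, because all of that source's failures hit one account and it eventually succeeded. The thresholds are deliberately low so the example runs on a handful of lines; on real identity-provider or VPN logs they should be set from the observed baseline, and the same logic is usually expressed as a SIEM query over a sliding time window.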

Last week, CISA issued an alert regarding BlueKeep, a critical Microsoft Windows vulnerability that affected the Remote Desktop Protocol (RDP). CISA's alert, which encouraged users to patch the RDP flaw or apply mitigation measures, followed similar warnings from both Microsoft and the U.S. National Security Agency.

Infosec analysts and researchers have predicted a rise in Iranian cyberattacks since the Trump administration withdrew the U.S. from the Iran nuclear deal in 2018. The latest conflict between the two nations stems from attacks earlier this month on two commercial oil tankers in the Gulf of Oman in the Middle East. The two tankers caught fire following explosions that the U.S. Central Command said were caused by mines.
