The US Department of Homeland Security (DHS) is warning of an increased cyber risk following the US’ intervention in the conflict between Israel and Iran.
Both hacktivists and Iranian government-affiliated actors are routinely targeting poorly secured US networks and internet-connected devices for disruptive cyber attacks, it said.
“The ongoing Iran conflict is causing a heightened threat environment in the United States,” it warned in a security bulletin.
“Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.”
Iran-linked groups including Domestic Kitten have for some time been carrying out surveillance operations, often targeting Iranian citizens, but with the potential to be deployed for broader abuse overseas.
“They deploy Android malware to exfiltrate sensitive data, track locations, record calls, and access messages. These attack vectors demonstrate Iran’s comprehensive capacity to conduct cyber warfare, aiming at both espionage and sabotage,” said Ted Miracco, CEO of Approov.
“Security teams will need to be more acutely aware of these specific threats to effectively defend against a potential wave of Iranian-backed cyber attacks.”
Tom Pace, CEO of NetRise, suggested that Iran is likely to target low-hanging fruit – vulnerabilities that it can easily exploit – or target outdated SOHO routers and infrastructure for the purposes of creating low- to moderate-scale botnets.
“CISOs are moving quickly to prepare for potential Iranian retaliation in cyberspace by tightening access controls, validating backups, and watching for TTPs tied to groups like APT33 and APT34, which are tied to Iran,” Pace commented.
“Coordination with ISACs and federal partners is essential to stay current on threat intelligence and emerging attack patterns.”
The Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) and the Information Technology – Information Sharing and Analysis Center (IT-ISAC) have also warned companies that they should prepare for the likelihood of increased cyber attacks.
DDoS attack rates are skyrocketing
Meanwhile, security firm Radware said that last week it saw an 800% surge in claimed DDoS attacks against US industries including finance, government, and military and defense production, particularly companies involved in air defense and aerospace systems.
This appears to reflect a shift in focus, with attacks targeting Israel dropping by 900%.
“Historically, hacktivist-led DDoS activity has served as a reliable early indicator of more focused and sophisticated operations,” said Pascal Geenens, the firm’s director of threat intelligence.
“Due to the flexible nature of DDoS targeting, shifts in focus can happen rapidly — making this type of activity a potential precursor to more persistent and destructive campaigns.”
Former CISA Director Jen Easterly said on Sunday that critical infrastructure organizations should have their ‘shields up’, pointing out that Iran has a track record of retaliatory cyber operations targeting civilian infrastructure including water systems, financial institutions, energy pipelines and government networks.
They should be on the lookout for credential theft and phishing campaigns, wipers disguised as ransomware, hacktivist fronts and false-flag ops, and the targeting of ICS/OT systems, she said.