Protecting Your Network from Potential Iranian Cyber Attacks

January 14, 2020

The Cybersecurity and Infrastructure Security Agency has released a warning about potential Iranian cyber attacks as a result of heightened tensions between the United States and Iran. Surprisingly, Iranian cyber attacks against the United States are nothing new.

2011 through mid-2013: Using Distributed Denial of Service (DDoS), bad actors blocked bank customers from accessing their accounts, costing financial institutions millions. 

2013: Over the summer of 2013, a cybercriminal hacked the data of the Bowman Dam in New York and gained access to the dam’s operational status. It’s commonly thought that the breach was in preparation for a larger terrorist attack that would have involved flooding the region. 

2014: The famous Sands corporation in Las Vegas was breached, resulting in stolen customer information including financial and personal details.  The hacker wiped corporate computer systems as well. 

2013-2017: Multiple attacks on educational institutions occurred over the course of a four-year period. Hackers stole email credentials, personal information, and intellectual data from numerous educational facilities across the globe, multiple private sector companies, many US and state government institutions, and the children’s charity, UNICEF. 

2020: Iran is up to its old tricks, this time targeting VPNs during a time when many businesses are relying on them the most.

The Iranian Revolutionary Guard Corps (IRGC) was behind many of these attacks, and the CISA warns there could be more targeted Iranian cyberattacks in America’s future.

What Methods are Commonly Used in Iranian Cyber Attacks? 

Iranian cybercriminals have constantly evolved their attacks over time. The scope of their activities can range from DDoS and identity theft to the spread of malware. It is also suspected that the IRGC can create deadly cyber-kinetic attacks by exploiting weaknesses in existing systems, such as might have happened in the Bowman Dam incident. 

Some of the common methods used in Iranian cyberattacks include: 

  • Malware 
  • Spearphishing 
  • PowerShell and scripting attacks
  • Credential hacking 
  • Hidden or hacked files 
  • Data compression 
  • File copying 
  • Registry run keys and startup folder tampering 

Frequently, users unknowingly click on a link or attachment that enables the attack. Hackers also search for weaknesses in security, such as uncovering passwords or unprotected data. 

Why Would the IRGC Target My Business?

Iranian cyber attacks can affect any business at any time. As proven during the four years spanning 2013-2017, the industry isn’t important: it’s the fallout from the attack that matters. 

It’s vitally important that you make sure your protections are up to date and your security strategy is in place. This includes anti-malware, employee cyber awareness training, backup and recovery systems, and monitoring. 

Protecting Your Network from Potential Iranian Cyber Attacks 

The fundamentals of cyber security always stay the same, no matter the nature or origin of a potential attack.  

1. Be Ready for a Possible Iranian Cyber Attack 

Make sure your network is ready for Iranian cyber attacks by ensuring that all anti-malware protections are patched and updated, all hardware is secure, and data encryption is in use whenever possible.  

Employees should be aware of the potential for breaches in emails and unprotected devices. Since your employees are on the frontline of your security strategy, your entire workforce needs to have cybersecurity awareness training by a professional team of IT specialists. 

2.  Have a Response Plan 

Your organization needs to have clear plans to address a cyber threat in real-time. Make sure your staff knows who to notify and what to do to lessen the damage if suspicious activity is detected.  These topics will be part of your cybersecurity awareness training classes. 

3.  Enhance Monitoring Activities 

Look at your records and logs to see if there are any unnecessary ports and protocols that can be terminated. Find any potential weaknesses in your security, such as unprotected devices or vulnerabilities in external-facing equipment, and patch them.
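One way to carry out the port review described in step 3, as an added example that is not part of the original article: the script parses a constructed sample of Linux `ss -tulnH` output and lists every listening socket that is missing from an approved list, with network-reachable ones first. The approved list and the sample lines are assumptions made for illustration.

```python
"""Added example: flag listening sockets that are not on an approved list."""

# Constructed sample of `ss -tulnH` output (Linux); not taken from a real host.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128             [::]:3389          [::]:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

# Hypothetical policy: the only services this host is supposed to expose.
APPROVED = {("tcp", 22), ("tcp", 443)}

# Addresses that are only reachable from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        proto, local = fields[0], fields[4]
        # rpartition keeps IPv6 forms such as [::]:3389 intact
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, address, int(port)


def audit(ss_output, approved=APPROVED):
    """Return unapproved listeners, network-reachable ones first."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        if (proto, port) in approved:
            continue
        exposed = not address.startswith(LOOPBACK_PREFIXES)
        findings.append({"proto": proto, "address": address,
                         "port": port, "exposed": exposed})
    findings.sort(key=lambda f: (not f["exposed"], f["port"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        scope = "reachable from the network" if f["exposed"] else "loopback only"
        print(f"{f['proto']}/{f['port']} on {f['address']}: not approved, {scope}")
```

Each finding is a candidate for shutting the service down or restricting it at the firewall; loopback-only listeners are lower priority but still worth a look.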

4.  Test Back-Up and Recovery Plans 

Your back-up and recovery plans are only good if they actually work during a cyber attack. Make sure you test your business continuity plan to ensure it will be fully functional when it’s needed. 

Integris is Ready to Protect Your Business 

From cyber security awareness training to business continuity plans and every step in between, Integris is ready to help your business stand strong in the face of cyber threats. We provide complete security packages for small to medium-sized businesses, personalized for your needs and budget.

It’s more important than ever to make sure your business is secure, especially considering the warning from the CISA about an increasing threat of Iranian cyber attacks. 

Contact Integris for a free, no obligation consultation today to see how we can help keep your business up and running, safely and smoothly, no matter what. 
