US government issues alert over potential Iranian cyber attacks on vital infrastructure
The U.S. government has issued a warning to critical infrastructure operators about potential Iranian cyberattacks, following a series of disruptive attacks on U.S. networks and internet-connected devices by both hacktivists and Iranian-government-affiliated actors.
According to the advisory, published by multiple agencies including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency (NSA) and the Pentagon's Cyber Crime Center, Iranian operatives tend to exploit targets of opportunity that use unpatched or outdated software with known flaws or configuration issues like default passwords.
The threat advisory comes amidst reports of increased DDoS campaigns against U.S. and Israeli websites following the U.S. intervention in the skies over Iran. Furthermore, during Israel's late-2023 offensive in Gaza, hackers affiliated with Iran's Islamic Revolutionary Guard Corps hacked into operational technology equipment powering water utilities and other infrastructure, including in the U.S.
The new warning reflects federal officials' concerns about potential collateral damage from the U.S. joining Israel's war with Iran. John Hultquist, chief analyst at Google Threat Intelligence, has advised against overhyping the threat to prevent Iran from achieving its psychological warfare objectives.
The advisory recommends several key security measures for critical infrastructure operators to defend against potential Iranian cyberattacks. These include disconnecting operational technology (OT) and industrial control system (ICS) assets from the public internet, enhancing employee awareness and training, keeping systems patched and updated, using multifactor authentication, network segmentation and security by design, deploying advanced endpoint protection platforms, developing sector-specific risk management and maturity models, increasing collaboration and information sharing, and implementing a comprehensive Human Risk Management program.
Moreover, the advisory suggests that Iran might target U.S. firms for near-term cyber operations due to the current geopolitical environment, specifically the Trump administration joining Israel's aerial campaign against Iran's nuclear program and related assets. Iranian hackers have also launched hack-and-leak operations that caused financial losses and reputational damage for victims, according to the advisory.
Adam Meyers, senior vice president of counter adversary at CrowdStrike, recently stated that Iran's cyber operations allow for extended reach and deniability. The U.S. government's advice stresses proactive preparation: hardening network defenses, training personnel, limiting public exposure of critical systems, and continuously monitoring and upgrading security to mitigate the growing Iranian cyber threat.
- The U.S. government's advisory on potential Iranian cyberattacks highlights the importance of cybersecurity for critical infrastructure operators, especially in the current geopolitical climate of war and conflict.
- To defend against Iranian cyberattacks, the advisory suggests adopting various security measures such as disconnecting operational technology and industrial control system assets from the public internet, keeping systems patched and updated, employing multifactor authentication, network segmentation, and security by design, deploying advanced endpoint protection platforms, developing risk management models, enhancing employee awareness and training, increasing collaboration, and implementing a comprehensive Human Risk Management program.
- John Hultquist, chief analyst at Google Threat Intelligence, advises against exaggerating the threat to prevent Iran from achieving its psychological objectives through cyberattacks, while Adam Meyers, senior vice president of counter adversary at CrowdStrike, emphasizes the extended reach and deniability of Iran's cyber operations.
- Iranian hackers have been known to exploit targets of opportunity with unpatched or outdated software, but they might also target U.S. firms for near-term cyber operations in response to recent geopolitical events like the Trump administration joining Israel's aerial campaign against Iran's nuclear program and related assets. Such operations may include hack-and-leak operations that cause financial losses and reputational damage.