US government warns critical infrastructure operators of potential Iranian cyberattacks
The U.S. government has issued a warning to critical infrastructure operators about potential Iranian cyberattacks, following a series of disruptive attacks on U.S. networks and internet-connected devices by both hacktivists and Iranian-government-affiliated actors.
According to the advisory, published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency (NSA) and the Department of Defense Cyber Crime Center (DC3), Iranian operators tend to go after targets of opportunity: systems running unpatched or outdated software with publicly known flaws, and devices with configuration weaknesses such as factory-default passwords.
The advisory comes amid reports of increased DDoS campaigns against U.S. and Israeli websites following the U.S. airstrikes on Iran. It also follows an earlier incident: in late 2023, during Israel's offensive in Gaza, hackers affiliated with Iran's Islamic Revolutionary Guard Corps broke into operational technology devices at water utilities and other facilities, including in the U.S. Those devices were reachable from the internet and still used the vendor's default password, exactly the kind of opportunistic target the new advisory describes.
The new warning reflects federal officials' concern about collateral damage from the U.S. joining Israel's war with Iran. John Hultquist, chief analyst at Google Threat Intelligence Group, has cautioned against overhyping the threat, since exaggerated fear is itself one of Iran's psychological-warfare objectives.
The advisory recommends a set of defensive measures for critical infrastructure operators. The concrete technical controls are: identify OT and ICS assets that are reachable from the public internet and disconnect them; replace default passwords and enforce multifactor authentication; keep systems patched and up to date; segment networks so that a foothold in the IT network does not reach control systems; apply security-by-design principles; and deploy endpoint detection and response on the hosts that support it. Alongside these, the advisory calls for employee awareness training, sector-specific risk management and maturity models, closer collaboration and information sharing with government and industry peers, and a comprehensive human risk management program.
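The advisory's recurring theme, on this page and in the 2023 water-utility incident above, is that the attackers look for devices that are internet-reachable and trivially accessible (default credentials, unpatched firmware). The following script, added here as an illustration and not code from the advisory or any agency, triages a small OT asset inventory for exactly those conditions. The device records, the industrial-protocol port table and the default-credential list are all constructed for the example; in practice the `internet_reachable` flag should come from an external scan or a review of NAT and firewall rules, not from the asset owner's belief.

```python
"""Triage a constructed OT/ICS asset inventory for the 'target of opportunity'
conditions the advisory describes: internet reachability, industrial protocol
ports exposed, and vendor default credentials or unpatched firmware in place.

Added example; not code from the advisory or from any agency. The inventory
records, the port table and the default-credential list are all constructed.
"""
from dataclasses import dataclass

# Constructed subset of TCP ports used by common industrial protocols.
ICS_PORTS = {
    102: "S7comm",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    4840: "OPC UA",
}

# Constructed list of (username, password) pairs that ship as factory defaults.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "1234"),
    ("root", "root"),
    ("", "1111"),
}


@dataclass
class Device:
    name: str
    open_ports: list[int]
    username: str
    password: str
    internet_reachable: bool  # from an external scan or NAT/firewall rule review
    patched: bool             # vendor firmware with published fixes applied


def audit_device(dev: Device) -> tuple[str, list[str]]:
    """Return (severity, findings) for one device.

    severity is 'critical' when the device is internet-reachable AND trivially
    accessible (default credentials or unpatched), 'high' when any single
    condition holds, and 'ok' when none does.
    """
    findings = []
    ics = sorted(ICS_PORTS[p] for p in dev.open_ports if p in ICS_PORTS)
    if dev.internet_reachable:
        findings.append("reachable from the public internet")
        if ics:
            findings.append("industrial protocols exposed: " + ", ".join(ics))
    easy_access = False
    if (dev.username, dev.password) in DEFAULT_CREDENTIALS:
        findings.append("vendor default credentials in use")
        easy_access = True
    if not dev.patched:
        findings.append("known vulnerabilities unpatched")
        easy_access = True

    if dev.internet_reachable and easy_access:
        severity = "critical"
    elif findings:
        severity = "high"
    else:
        severity = "ok"
    return severity, findings


def triage(inventory: list[Device]) -> list[tuple[str, str, list[str]]]:
    """Audit every device and return (severity, name, findings), worst first."""
    order = {"critical": 0, "high": 1, "ok": 2}
    results = []
    for dev in inventory:
        severity, findings = audit_device(dev)
        results.append((severity, dev.name, findings))
    return sorted(results, key=lambda r: (order[r[0]], r[1]))


# Constructed inventory; these are not real devices or addresses.
SAMPLE_INVENTORY = [
    Device("plc-pumphouse-1", [502, 80], "admin", "1234",
           internet_reachable=True, patched=False),
    Device("hmi-control-room", [5900, 102], "operator", "Xk9!pump-2024",
           internet_reachable=False, patched=True),
    Device("rtu-substation-7", [20000], "", "1111",
           internet_reachable=False, patched=True),
    Device("historian", [1433], "svc_hist", "Long-Unique-Passphrase",
           internet_reachable=True, patched=True),
]

if __name__ == "__main__":
    for severity, name, findings in triage(SAMPLE_INVENTORY):
        print(f"[{severity.upper():8}] {name}")
        for finding in findings:
            print("   -", finding)
```

The ordering encodes the advisory's priority: an internet-reachable PLC with a default password is the first thing to fix, because it is the device an opportunistic scanner finds and logs into without any exploit. A device with default credentials on an isolated segment is still flagged, since segmentation is only a mitigating control and the credentials should be changed regardless.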
The advisory also warns that Iran may target U.S. firms for near-term cyber operations because of the current geopolitical environment, specifically the Trump administration joining Israel's aerial campaign against Iran's nuclear program and related assets. Iranian actors have additionally run hack-and-leak operations that caused financial losses and reputational damage for victims, according to the advisory.
Adam Meyers, senior vice president of Counter Adversary Operations at CrowdStrike, recently noted that cyber operations give Iran extended reach with deniability. The U.S. government's advice stresses proactive preparation: hardening network defenses, training personnel, limiting the public exposure of critical systems, and continuously monitoring and upgrading security to keep pace with the growing Iranian cyber threat.