Iranian Cyber Threats Give Cover for Other Bad Actors

Cyber Alert Level Increases: Given the recent increase in geopolitical tensions, reflected in the “heightened awareness” alerts from the Department of Homeland Security and the FBI, it would be prudent to review your organization’s cybersecurity precautions and ask your staff to heighten their awareness.
 
Cybersecurity and Infrastructure Security Agency - Insights
 
The Iranian Cyber Army (APT33 and APT34) use a lot of commodity hacker tools, brute forcing techniques, and often leverage existing exploits. While not as capable as the Russians, Chinese, or North Koreans, they are still very dangerous. Be aware that there is more nefarious activity on the internet than usual now and many bad actors may use this high publicity event as cover for their attacks. Clearly, activating a heightened security posture is a wise move right now.
 
Here are a number of activities you should employ to reduce cyber risk:
  • Patch operating systems – and validate
  • Patch applications (Office, Adobe, Java, browsers, etc.)
  • Use more advanced endpoint protection tools
  • Use stronger passwords (APT33 and APT34 look for variants of “Password”)
  • Disable macros in Office (https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office)
  • Block unsigned PowerShell scripts on client computers
  • Reduce or remove local administrator access
  • Alert everyone on your network to be extra diligent to avoid phishing schemes!
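
To make the stronger-passwords item concrete, here is an added example (not MCPc's or any agency's code) of a check that rejects disguised variants of "Password" when a user sets a new password. The function names, substitution table and sample inputs are assumptions made for illustration, and the check assumes it runs at password-change time, where the plaintext candidate is available.

```python
import re
import unicodedata

# Substitutions commonly used to disguise a base word.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})
# "password" is the base word named in the advisory; extend per organization.
BANNED_BASES = ("password",)


def _collapse(text):
    """Squeeze repeated characters so 'passsword' and 'pasword' compare equal."""
    return re.sub(r"(.)\1+", r"\1", text)


def normalize(candidate):
    """Reduce a candidate password to the letter stem a guesser starts from."""
    text = unicodedata.normalize("NFKC", candidate).casefold()
    # Strip leading/trailing decoration (years, counters, punctuation) first,
    # so the '1' in 'Password1' is dropped rather than read as the letter 'l'.
    text = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", text)
    text = text.translate(LEET)
    return _collapse(re.sub(r"[^a-z]", "", text))


def is_banned_variant(candidate):
    """True if the candidate is a banned base word in disguise (or reversed)."""
    stem = normalize(candidate)
    return any(_collapse(base) in stem or _collapse(base) in stem[::-1]
               for base in BANNED_BASES)


def audit(candidates):
    """Return the candidates a password-change hook should reject."""
    return [c for c in candidates if is_banned_variant(c)]


# Constructed sample input, not taken from any real credential set.
SAMPLES = ["Password1", "P@ssw0rd!", "pa55word2020", "drowssaP",
           "Ｐａｓｓｗｏｒｄ", "correct horse battery staple", "Summer2020"]

if __name__ == "__main__":
    for rejected in audit(SAMPLES):
        print("reject:", rejected)
```

A check like this complements, rather than replaces, length requirements and screening against known-breached password lists.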

 
If you are interested in learning how MCPc can improve your readiness and help keep your company cybersafe, please contact

Ronnie Munn, CISO, [email protected] or
Christopher Prewitt, Security Principal, [email protected]