U.S. Warns of Iranian Cyber Threats on Critical Infrastructure

U.S. cyber agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), have issued an urgent warning about potential cyberattacks by Iranian-affiliated hackers against U.S. critical infrastructure. CISA says there are currently no indications of an ongoing campaign, but urges critical infrastructure organizations and other potential targets to keep a close watch on their defenses, citing the current unrest in the Middle East and previous cyberattacks linked to Iran.

The joint fact sheet issued by the cyber agencies highlights the increased risk faced by Defense Industrial Base (DIB) companies with ties to Israeli defense and research. These organizations are at a higher risk of being targeted due to their connections, while other critical infrastructure sectors such as energy, water, and healthcare are also considered potential targets.

The advisory warns that Iranian threat actors are known to exploit unpatched vulnerabilities or use default passwords to gain initial access to systems. This was evident last year when IRGC-affiliated Iranian threat actors breached a Pennsylvania water facility in November 2023 by hacking into internet-exposed Unitronics programmable logic controllers (PLCs).

Iranian-affiliated hackers also work with, or pose as, hacktivists, carrying out distributed denial-of-service (DDoS) attacks or defacing websites. These attacks are often accompanied by politically motivated messages, and the attackers promote their activities on X and Telegram. In some cases, Iranian threat actors have deployed ransomware themselves or worked as affiliates of Russian ransomware gangs such as NoEscape, RansomHouse, and ALPHV (also known as BlackCat).

Many of these attacks focused on Israeli companies, where the attackers encrypted devices and leaked stolen data. In some instances, they used data wipers instead of ransomware to carry out purely destructive attacks.

Best Practices for Protection

CISA, the DoD, the FBI, and the NSA are urging organizations to adopt the following best practices to protect against these threats:

  • Adopt a zero-trust approach to security, where all users and systems are treated as untrusted.
  • Implement regular vulnerability assessments and patch management.
  • Use multi-factor authentication to prevent unauthorized access.
  • Monitor for suspicious activity and implement incident response plans.

For more information, organizations can read CISA's Iran Threat Overview and the FBI's Iran Threat web pages.


Cyber Threats to Watch Out For

Some of the notable cyber threats to watch out for include:

  • Anubis ransomware, which adds a wiper to destroy files beyond recovery.
  • New IOCONTROL malware used in critical infrastructure attacks.
  • Ransomware and data wipers targeting Israeli companies and organizations.