US cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks by Iranian state-sponsored or affiliated threat actors.
"In the last few months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to continue," the advisory notes.
"These cyber actors often exploit targets based on the use of unpatched or outdated software with known vulnerabilities and exposures, or default or common passwords on internet-connected accounts and devices."
At present there is no evidence of a coordinated, active campaign in the US that can be attributed to Iran, according to the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3) and the National Security Agency (NSA).
Emphasizing the need for "increased vigilance", the agencies singled out Defense Industrial Base (DIB) companies, in particular those with ties to Israeli research firms, as being at increased risk. US and Israeli entities may also be targeted by distributed denial-of-service (DDoS) attacks and ransomware campaigns, they added.
Attackers often start with reconnaissance tools such as Shodan to find vulnerable internet-facing devices, especially in industrial control system (ICS) environments. Once inside, they can exploit weak segmentation or misconfigured firewalls to move laterally across networks. In the past, Iranian groups have used remote access trojans (RATs), keyloggers and even legitimate administrator utilities such as PsExec or Mimikatz to maintain access, all while evading basic endpoint defenses.
In previous campaigns, attacks mounted by Iranian threat actors have used methods such as automated password guessing, password cracking and default manufacturer passwords to gain access to internet-connected devices. They have also been observed using system engineering and diagnostic tools to compromise operational technology (OT).
The development comes days after the Department of Homeland Security (DHS) released a bulletin urging US organizations to watch for possible "low-level cyber attacks" against the backdrop of ongoing geopolitical tensions between Iran and Israel.
Last week, Check Point disclosed that an Iranian nation-state actor tracked as APT35 had targeted journalists, high-profile cybersecurity experts and professors in Israel as part of a phishing campaign that used bogus Gmail or Google pages to harvest Google credentials.
As mitigations, organizations are recommended to follow the steps below:
- Identify and disconnect OT and ICS assets from the public internet
- Make sure devices and accounts are protected by strong, unique passwords, replace weak or default passwords, and enforce multi-factor authentication (MFA)
- Require phishing-resistant MFA for access to OT networks from any other network
- Make sure systems are running the latest software patches to protect against known security vulnerabilities
- Monitor user access logs for remote access to the OT network
- Establish OT processes that prevent unauthorized changes, loss of view or loss of control
- Take full system and data backups to facilitate recovery
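The log-monitoring, MFA and password-guessing points above can be turned into a small detection routine over remote-access logs for OT hosts. This is an added example, not code from the advisory or the agencies; it assumes a constructed space-separated log format, a hypothetical trusted address range, and a failure threshold chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample remote-access log (not from any real system).
# Fields: timestamp user src_ip dst_host auth_method result
SAMPLE_LOG = """\
2025-06-30T08:01:12Z opsadmin 10.20.1.15 plc-gw-01 mfa success
2025-06-30T08:02:40Z vendor1 203.0.113.77 hmi-02 password success
2025-06-30T08:03:01Z admin 198.51.100.9 plc-gw-01 password failure
2025-06-30T08:03:02Z admin 198.51.100.9 plc-gw-01 password failure
2025-06-30T08:03:03Z admin 198.51.100.9 plc-gw-01 password failure
2025-06-30T08:03:04Z admin 198.51.100.9 plc-gw-01 password failure
2025-06-30T08:03:05Z admin 198.51.100.9 plc-gw-01 password failure
2025-06-30T08:03:06Z admin 198.51.100.9 plc-gw-01 password success
"""

# Assumed internal ranges from which remote access to OT hosts is permitted.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Failures from one source against one host before flagging password guessing (illustrative).
FAILURE_THRESHOLD = 5

def parse(log):
    """Split each log line into a dict of its six fields."""
    events = []
    for line in log.splitlines():
        ts, user, src, dst, auth, result = line.split()
        events.append({"ts": ts, "user": user, "src": src,
                       "dst": dst, "auth": auth, "result": result})
    return events

def is_trusted(ip):
    """True if the source address falls inside an allowed internal range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def review(log):
    """Return (finding, subject, host) tuples for events that violate the mitigations."""
    findings = []
    failures = Counter()
    for e in parse(log):
        if e["result"] == "failure":
            key = (e["src"], e["dst"])
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                findings.append(("password_guessing", e["src"], e["dst"]))
            continue
        if not is_trusted(e["src"]):          # OT host reachable from outside the trusted range
            findings.append(("external_source", e["src"], e["dst"]))
        if e["auth"] != "mfa":                 # successful login without MFA
            findings.append(("no_mfa", e["user"], e["dst"]))
    return findings
```

On the sample above the routine reports the vendor login from an untrusted address without MFA, the burst of failures against plc-gw-01, and the password-only success that follows it.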
For organizations asking where to start, a practical approach is to first review your external attack surface: which systems are exposed, which ports are open, and whether they are still in use. Tools like the Cyber Hygiene program or open-source scanners such as Nmap can help identify risks before attackers do. Aligning defenses with the MITRE ATT&CK framework also helps prioritize based on the real tactics used by threat actors.
"Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian cyber actors and hacktivist groups may still conduct malicious cyber activity," the agencies said.