After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. Iran has a known history of launching cyber-attacks against US industry, and regulators warn industry to prepare for a possible rise in cyber-attacks.
The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, New York Department of Financial Services and even ISACs like the Health Information Sharing and Analysis Center issued alerts this week, to name a few.
While it is important to note that there is no specific, credible, threat of new Iranian attack, Iran has a proven track record of attacks on health care, financial services, educational institutions, energy, telecommunications, other critical infrastructure and large corporations. In addition to U.S. government alerts, many tech companies, service providers and security companies have released alerts regarding Iranian attacks against private industry.
Recommended Actions from CISA – Things to do Today
CISA outlines five steps to do today to strengthen basic cyber defenses:
- Prepare the Organization for Response: Review incident and crisis response plans, consume and operationalize threat intelligence, minimize IT/security staffing coverage gaps and ensure your phone trees are up-to-date to respond.
- Increase Organizational Vigilance: Ensure your security personnel know how to identify anomalous behavior that may indicate compromise. Flag Iranian indications of compromise (IoCs). For more information on patterns of publicly known Iranian Advanced Persistent Threats, please see the CISA alert (describing common Iranian attack techniques such as, use of: credential dumping, obfuscated files/information, data compression, PowerShell, user execution, scripting, and registry run keys/startup folder).
- Confirm Reporting Processes: Ensure your organization’s staff members know how and when to report an incident.
- Exercise Your Incident Response Plan: Ensure your incident response team is aware of the plan (with any related crisis response plans) and can execute the steps that they need to take during an incident.
- Confirm Backups: Confirm your organization has appropriate backups, and ensure it has offline backups, because attackers commonly attack backup sources.
In addition to these basic steps, our team can assist you with greater organizational awareness of cyber security for Iranian threats and beyond. Please contact the authors or the Alston & Bird attorney with whom you normally work if you would like more information on cyber threat preparedness and what technical, operational and legal actions companies should take.