In a tweet, Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs warned of increased cyber-activity from Iranian hackers. Additionally, the agency is urging US companies to take protective measures against these hacker groups’ most common practices: the use of data-wiping malware, credential stuffing attacks, password spraying, and spear phishing.
Also worth noting, researchers at security firms FireEye and CrowdStrike have spotted phishing campaigns linked to a known Iranian hacking group. The group uses powerful destructive tools, like the Shamoon disk-wiper, which was recently used to attack Saudi government targets and destroyed 35,000 machines at Saudi Aramco in 2012.
According to CrowdStrike, the targets of the attacks appear to be US government and energy-sector entities, including oil and gas. The firm said it had seen email lures posing as messages from the White House’s Executive Office of the President.
In a statement, Adam Meyers, CrowdStrike’s vice president of intelligence, said: “They are going to potentially look for ways to retaliate in the event that there is an attack, and disrupting the global energy market would fall well within the area they see as appropriate.”
IT pros should be on guard and businesses, regardless of size, should continue to strengthen their cyber hygiene with comprehensive security awareness training.