2020: New Breed of Cyber Threats

If the start to this new year is any indication as to how cybersecurity risk looks to unfold over the next 12 months, then we are in for a very nerve-wracking 2020.

As if the typical array of devastating cyber-criminal activity wasn’t enough to cause a lack of sleep, the United States government, including the Department of Homeland Security and the State Department, are issuing ominous warnings related to a brand new onslaught of Iranian cyber-attacks. The reason for this escalation of concern was triggered by the recent U.S. airstrike against one of Iran’s top military leaders. Iran possesses very capable cyber-attack capabilities and have a long history of targeting U.S. computer assets, including those belonging to government, private industry, and infrastructure entities. One government website has already been compromised.¹

Here is just a sampling of the methods Iranian cyber-attackers generally utilize to achieve their goals:

ATTACK METHODOLOGY 1: BRUTE FORCE ATTACKS

• Extended brute force attempts against external services to gain access. 
  • Primarily, these attacks have been focused on U.S. government assets but any foothold in our country is sought by nation state actors to use as a relay to defeat IP range blocking methods. This tactic is in active use against U.S. government assets.²
• Defense Strategy:
  •  Implement account lockouts for failed passwords on all external services. Be sure to monitor for bad username attempts as well. Deploy multifactor authentication wherever possible.
    
    

ATTACK METHODOLOGY 2: PHISHING ATTACKS

• Sending very well-crafted emails to coerce or convince the recipient to install software or enter credentials.
  • Any U.S. citizen or U.S. government employee is a target for this type of attack. The goal can range from stealing money to compromising classified material. Compromised credentials could be used to log into a company VPN and establish an electronic base of operations in the U.S. 
• Defense Strategy:
  • Start or continue to expose your employees to phishing tests and regular security awareness training. Work with a trusted advisor to conduct real-world phishing campaigns with payloads that test your security infrastructure and incident response process. This is the most common attack vector and most victims are not prepared to respond, which incurs longer downtime and higher recovery costs. 

While the IT and security functions in your company will do the lion’s share of defending your organization, you play a critical role in keeping your business and your personal data safe. Since over 90% of data breaches are initiated via social engineering attacks such as spear phishing, stay vigilant for suspicious emails and avoid providing sensitive information or clicking on links without confirming (e.g., via phone) that the sender is in fact a trusted contact. Other best practices include refraining from browsing websites that are not work-related. If you see something you feel is even remotely suspicious, contact your company’s security and/or IT contact.

For more information about how Citrin Cooperman’s Technology and Risk Advisory Consulting (TRAC) team can help keep your business safe, please contact Kevin Ricci for more information. 

¹ https://threatpost.com/hackers-deface-u-s-gov-website-with-pro-iran-  messages/151559/ 

² https://www.wired.com/story/iran-apt33-us-electric-grid/