Increasing Iranian Threat Actors and Risk of Wiper Malware Attacks

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) director has warned about a spike in cyberattacks by ‘Iranian regime actors’.

The warning from Christopher C. Krebs came as tensions grew between Iran and the U.S. Iran was accused of planting magnetic mines to damage commercial shipping vessels, and Iran struck a U.S. surveillance drone while it was flying over the Strait of Hormuz, Iran’s territory.

The U.S. prepared an air strike, but President Trump aborted it to avert the likely loss of life. Nevertheless, the U.S. proceeded with a strike in cyberspace. U.S. Cyber Command attacked the Iranian intelligence group, the Islamic Revolutionary Guard Corps, which is believed to be responsible for the mine-planting activities. A recent Washington Post report stated that the cyberattacks weakened the group’s command and control systems used for firing missiles and rockets.

Threat actors from Iran are very active. Cyberattacks on U.S. businesses and government institutions are increasing. Although many attack strategies could be used, Iranian threat actors favor wiper malware. Besides stealing data and money, the malware wipes systems clean and disables the networks it reaches.

Iran is one of the countries that uses capable threat actors for economic espionage, stealing trade secrets and sensitive information. Iranian hackers also carry out destructive cyberattacks.

Iranian hackers are believed to have been behind the SamSam ransomware attacks on healthcare firms and the 2012 cyberattack on the Saudi oil company Aramco, which used the Shamoon wiper malware.

Wiper attacks cause substantial damage: in 2017, the NotPetya wiper malware attacks caused an estimated $4 to $8 billion in global financial losses, including $300 million from the attack on the Maersk shipping company. A Carbon Black report stated that 45% of healthcare CISOs had encountered a wiper malware attack in the past 12 months.

Hackers may be capable of launching sophisticated attacks, but they still rely on simple methods such as password spraying, phishing and spear phishing, credential stuffing, and social engineering to exploit vulnerable networks.

All of these attack methods can be hindered by basic cybersecurity measures: using strong passwords, changing default passwords, rate limiting logins, applying the principle of least privilege when setting up user permissions, implementing multi-factor authentication, closing unused ports, disabling RDP, patching promptly, maintaining a robust backup strategy, and training personnel in security awareness.
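The two paragraphs above name password spraying and credential stuffing as the attack methods and rate limiting on logins as one of the countermeasures. The following Python script is an added example (not code from the article or from CISA) showing how a defender can spot the spray pattern in authentication logs and why a login rate limit keyed on the source, not just the account, blunts it. The log format, the sample log lines, and the thresholds are constructed for this example.

```python
"""Added example: detect password-spray patterns in an auth log and rate-limit logins.

The log format is assumed for this example: ISO timestamp, source IP, username, outcome.
The sample lines are constructed and are not real data.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source fans out across many accounts with a single
# failure each (a spray), one source retries a single account, one normal login.
SAMPLE_LOG = """\
2019-06-24T10:00:01Z 203.0.113.5 alice FAIL
2019-06-24T10:00:03Z 203.0.113.5 bob FAIL
2019-06-24T10:00:05Z 203.0.113.5 carol FAIL
2019-06-24T10:00:07Z 203.0.113.5 dave FAIL
2019-06-24T10:00:09Z 203.0.113.5 erin FAIL
2019-06-24T10:00:11Z 203.0.113.5 frank OK
2019-06-24T10:00:20Z 198.51.100.7 alice FAIL
2019-06-24T10:00:25Z 198.51.100.7 alice FAIL
2019-06-24T10:00:30Z 198.51.100.7 alice OK
2019-06-24T10:05:00Z 192.0.2.9 grace OK
"""


def parse_log(text):
    """Parse the assumed whitespace-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "user": user,
            "ok": outcome == "OK",
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=30), min_accounts=5):
    """Return {source: distinct_accounts} for sources whose failed logins touched
    at least `min_accounts` different accounts inside any `window`.

    A spray tries one password against many accounts, so each account sees only
    one or two failures (below a per-account lockout) while the source fans out.
    Grouping failures by source rather than by account is what makes it visible.
    """
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[e["src"]].append(e)
    alerts = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            accounts = {e["user"] for e in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                alerts[src] = max(alerts.get(src, 0), len(accounts))
    return alerts


def compromised_accounts(events, alerts):
    """Accounts where a flagged spraying source later logged in successfully:
    these are the first accounts to reset and investigate."""
    return [e["user"] for e in events if e["src"] in alerts and e["ok"]]


class LoginRateLimiter:
    """Sliding-window limiter keyed on both source and account.

    A per-account limit alone lets a spray through (each account is tried once);
    the per-source bucket throttles the fan-out, while the per-account bucket
    still protects a single account from repeated guessing.
    """

    def __init__(self, per_source=10, per_account=5, window=timedelta(minutes=15)):
        self.per_source = per_source
        self.per_account = per_account
        self.window = window
        self._src = defaultdict(deque)
        self._acct = defaultdict(deque)

    def _prune(self, q, now):
        while q and now - q[0] > self.window:
            q.popleft()

    def allow(self, src, user, now):
        """Return True if the attempt may be processed; the attempt is recorded either way."""
        qs, qa = self._src[src], self._acct[user]
        self._prune(qs, now)
        self._prune(qa, now)
        allowed = len(qs) < self.per_source and len(qa) < self.per_account
        qs.append(now)
        qa.append(now)
        return allowed


def replay_with_limiter(events, limiter):
    """Replay parsed events through the limiter; return the events it would have blocked."""
    return [e for e in events if not limiter.allow(e["src"], e["user"], e["time"])]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = detect_password_spray(evs)
    print("spray sources:", found)
    print("accounts to reset:", compromised_accounts(evs, found))
    blocked = replay_with_limiter(evs, LoginRateLimiter(per_source=3))
    print("blocked by per-source limit:", [e["user"] for e in blocked])
```

With the constructed log, the detector flags 203.0.113.5 (five accounts failed in under ten seconds) and lists `frank` as the account the spray actually hit. Replaying the same events through a limiter with a per-source cap of three attempts shows that the later attempts from that source, including the successful one against `frank`, would have been refused, while the retries against `alice` from the second source stay under the per-account cap.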

Krebs urged all U.S. industries, government departments, and businesses to be alert to the risk of cyberattacks and, where suspicious incidents occur, to act quickly.