“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” said CISA director Christopher C. Krebs in a statement.
Escalating Tensions
These days, it’s essentially vital for all consumers to enable two-factor authentication on all major platforms that support it, including Twitter, Facebook, Google, Outlook, and more. Even without direct access to email for password resets, actors could compromise a social media account to distribute malicious files to colleagues or perform a social engineering attack. In particular, the US has highlighted spear-phishing, a commonly used tactic by Iran where an attacker sends emails from a compromised trusted user in the hopes of discovering confidential information. Of course, the US is running a cyber-campaign of its own against Iran, and has reportedly carried out cyber strikes on key Iranian targets such as computers that control missiles and other infrastructure. The tensions between the two countries concern Trump’s withdrawal from the 2015 nuclear deal, with subsequent sanctions against Iran and further sanctions more recently. Data wiping is one of the most aggressive tactics a country can use in an attack, significantly affecting infrastructure while often maintaining a degree of deniability. In 2012, Iranian hackers deployed Shamoon malware which caused two of Saudi Arabia’s biggest oil companies to temporarily cease operations. It made appearances again in 2016 and 2018. As the online threat landscape evolves, it’s clear governments are being forced to re-consider what constitutes as warfare. Malicious actors are now able to cripple infrastructure without putting any planes in the air. Unfortunately, citizens can often be the staging point for such attacks and are having to secure themselves accordingly. You can view CISA’s full statement and advice on its official website.