The cyber world is becoming more contaminated with every passing day because of never-ending cyber attacks. A scenario that happened a couple of years ago, witnessed by millions, also fueled this and created a deteriorating situation. It was when the Obama administration ramped up the sanctions on Iran in 2011. The penalty was also imposed over the offensive video on YouTube, which launched the distributed denial-of-service attacks against dozens of U.S. financial institutions, known as Operation Ababil. The repercussions between these two countries are even worse than before due to cyber-attacks. The leaders' gestures and words are also a main source of this cyber-attack escalation.
The U.S. needs to be more secure because this escalation poses more significant risks to U.S. infrastructure. It can be caught in the crosshairs because Iranian actors are retaliating in cyberspace. U.S. federal agencies and industries, namely aerospace, defence, financial services and energy, have to take steps diligently. They must take extra precautions to protect their computer networks from cyberattacks.
The Advanced Persistent Threat (APT) 33
Many researchers have to monitor Iranian campaigns. Lately, I have perceived a rise in the activity. A group known as Advanced Persistent Threat (APT) 33, which works for the Iranian government, is gradually spreading its web. According to one testimony, APT33 has recently targeted Saudi and American companies in engineering, defence, aerospace, finance and healthcare. Meanwhile, it has also been heard that someone is releasing hacking tools. Moreover, this activity on the internet is believed to be used by another group with ties to Iran, known as APT34.
In fact, Iran is getting squeezed in the real-world economy and in cyberspace. There is plenty of evidence that whenever Iran feels threatened, the rate of cyber-attacks by Iranian intruders increases. Above all, Iran is widely believed to be accountable for one of the most destructive cyberattacks ever, the large-scale data sabotage targeting the Saudi Aramco oil company in 2012. Furthermore, a couple of weeks before, the owner of Sands Hotel, Sheldon Adelson, proposed his view of bombing Iran. This recommendation by Adelson was in answer to the unlawful activities by Iran and its hackers, and to get Iran to abandon its nuclear program in 2014. 2014 was the year when a casino was hit by malware and the data was wiped from its desktops and servers.
Try out these tips and stop being an easy target
Every person in the public sector must avoid being phished. Take extra minutes to vet everything when dealing with email or anything on the internet. Those few minutes will save you from a considerable loss. Email recipients need to be watchful while reading an email and look for anomalies in the email addresses of familiar contacts. If you find an anomaly, forward the email to an internal security group without wasting a single minute. Do not open irrelevant attachments or links received from unknown sources. IT administrators need to have an up-to-date understanding of current phishing trends. They must educate their users so that they can identify suspicious emails quickly. To track the latest social and technical methodologies of attackers, IT security professionals must review even blocked emails. This step will help to build a thorough defensive security system.
Exploiting password reuse is quite a common hacking technique. Similarly, intruders can use automated tools to test stolen passwords (known as credential stuffing). Security teams need to implement the latest defence mechanisms and best practices within IAM (identity and access management): for example, multi-factor authentication, unique passwords for every service, and a mobile password manager to store the resulting credentials.
On the other hand, another commonly known trick to compromise sensitive targets is to first identify and compromise partners, vendors and suppliers. System administrators must regularly audit third-party network access, which mainly occurs via API, and changes to third-party risk profiles through threat intelligence. There are specific categories to monitor for third parties. They include credential exposures, targeting on criminal forums, technology stack vulnerabilities, typo-squats and detected malware.
Federal agencies should monitor contractor access and comply with information security best practices.