US Department of Homeland Security warns that Iranian hackers are destroying data
The Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security, warned of increased activity by Iranian state-linked hackers and called on US companies to take protective measures.
According to CBS News, the warning was issued after an escalation of tensions between the US and Iran, during which Iranian hackers intensified attacks against US companies. "In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity", CBS News reported.
CISA experts warned that the arsenal of Iranian hackers most often consists of the following attack methods and types of compromise:
- spear phishing of all sorts;
- credential stuffing – usernames and passwords stolen from one site are replayed against others. The attacker starts with a ready-made database of credential pairs (bought on a darknet market, collected from earlier breaches, and so on) and tries each pair against other sites and services, counting on victims having reused the same password;
- password spraying – a single common password (for example, 123456 or qwerty) is tried against a long list of usernames, one or two attempts per account, so that the attacker stays under per-account lockout thresholds while hoping to hit a poorly protected account;
- wipers – malware focused not on stealing data but on its targeted destruction and on sabotage.
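Neither credential stuffing nor password spraying is visible as such in an authentication log, because the log does not record the password that was tried. What a defender can see is the shape of the failures per source address: spraying produces many distinct usernames with at most one or two failures each, while stuffing with a foreign breach dump additionally produces a high share of usernames that do not exist in the local directory. The script below, an added example that is not part of the CBS News piece or of any CISA guidance, runs that heuristic over a few constructed log lines in an assumed simplified format ("timestamp source_ip username FAIL|OK reason"); the thresholds and the "unknown_user" reason string are assumptions you would tune to your own identity provider.

```python
"""Heuristic detection of password spraying and credential stuffing.

Added example; sample log lines and their format are constructed for
illustration (assumed format: "<ISO-8601 ts> <src_ip> <user> <FAIL|OK> <reason>").
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: one spraying source, one stuffing source, one
# ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2019-06-24T10:00:01Z 203.0.113.5 alice FAIL bad_password
2019-06-24T10:00:03Z 203.0.113.5 bob FAIL bad_password
2019-06-24T10:00:05Z 203.0.113.5 carol FAIL bad_password
2019-06-24T10:00:07Z 203.0.113.5 dave FAIL bad_password
2019-06-24T10:00:09Z 203.0.113.5 erin FAIL bad_password
2019-06-24T10:00:11Z 203.0.113.5 frank OK -
2019-06-24T10:05:00Z 198.51.100.9 jdoe1987 FAIL unknown_user
2019-06-24T10:05:02Z 198.51.100.9 alice FAIL bad_password
2019-06-24T10:05:04Z 198.51.100.9 sunny_girl FAIL unknown_user
2019-06-24T10:05:06Z 198.51.100.9 mike.b FAIL unknown_user
2019-06-24T10:05:08Z 198.51.100.9 bob FAIL bad_password
2019-06-24T10:05:10Z 198.51.100.9 gamer42 FAIL unknown_user
2019-06-24T10:20:00Z 192.0.2.77 alice FAIL bad_password
2019-06-24T10:20:30Z 192.0.2.77 alice OK -
"""


def parse(log_text):
    """Turn the assumed log format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result, reason = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip, "user": user, "result": result, "reason": reason,
        })
    return events


def classify_source(fails, window=timedelta(minutes=10), min_users=5,
                    max_per_user=2, unknown_ratio=0.5):
    """Slide a time window over one source's failed logins and label it.

    password_spraying: >= min_users distinct accounts, each failing at most
    max_per_user times (low and wide, under per-account lockout).
    credential_stuffing: the same width, but >= unknown_ratio of the
    attempts name accounts that do not exist here (a foreign breach dump).
    """
    labels = set()
    fails = sorted(fails, key=lambda e: e["ts"])
    start = 0
    for end in range(len(fails)):
        while fails[end]["ts"] - fails[start]["ts"] > window:
            start += 1
        win = fails[start:end + 1]
        per_user = Counter(e["user"] for e in win)
        if len(per_user) < min_users:
            continue
        unknown = sum(1 for e in win if e["reason"] == "unknown_user")
        if unknown / len(win) >= unknown_ratio:
            labels.add("credential_stuffing")
        elif max(per_user.values()) <= max_per_user:
            labels.add("password_spraying")
    return labels


def detect(log_text, **thresholds):
    """Map each suspicious source IP to its sorted list of labels."""
    by_ip = defaultdict(list)
    for e in parse(log_text):
        if e["result"] == "FAIL":
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, fails in by_ip.items():
        labels = classify_source(fails, **thresholds)
        if labels:
            findings[ip] = sorted(labels)
    return findings


def suspicious_successes(log_text, findings):
    """Accounts that logged in successfully from a flagged source:
    these are the ones to reset and investigate first."""
    return sorted({e["user"] for e in parse(log_text)
                   if e["result"] == "OK" and e["ip"] in findings})


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for ip, labels in found.items():
        print(ip, ", ".join(labels))
    print("possibly compromised:", suspicious_successes(SAMPLE_LOG, found))
```

Two caveats a practitioner would add before deploying this: a shared NAT gateway or VPN egress legitimately produces many distinct usernames from one address, so the thresholds must be set per environment, and an attacker who rotates source addresses (common in spraying against cloud identity providers) defeats per-IP grouping, so the same logic should also be run keyed on user agent or on the whole address block.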
It should be noted that Iranian APT groups have been using wipers in their campaigns for a long time. For example, the Shamoon malware was first discovered back in 2012 and was used to attack large oil and gas companies (Saudi Aramco, RasGas). In 2016 and 2018 the malware was still active and was used to attack oil and gas enterprises in Italy and the Middle East.
At the moment the situation does not cause CISA much concern, but forewarned is forearmed.
"It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software", the report also noted.
Source: https://www.cbsnews.com