DHS Advisory on Iranian Cyber Activity

As discussed in an email WaterISAC sent to members on June 24, Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), issued an advisory indicating his agency is aware of “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” Krebs highlighted “destructive ‘wiper’ attacks” as a type of activity these threat actors are using increasingly. One of the most infamous wiper attacks, that against the energy company Saudi Aramco in 2012, is suspected to have been perpetrated by Iranian regime actors. That attack disabled 30,000 workstations and caused significant disruptions to Saudi Aramco’s operations. It is believed the attack began when an employee opened a malicious phishing email, allowing initial entry into the company’s IT network.

As demonstrated by the Shamoon attack, as well as countless other incidents, highly destructive and costly incidents can be enabled by something as simple as an employee clicking on a link or opening a file in an email. To assist organizations with protecting themselves against these tactics, as well as others that may be employed to facilitate attacks, DHS reminds its partners of the following tips and best practices:

• Avoiding Social Engineering and Phishing Attacks
• Password Spraying – Brute Force Attacks
• Choosing and Protecting Passwords
• Supplementing Passwords

For more best practices, WaterISAC encourages members to consult its recently published 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.