Ostra’s threat intelligence partner, FireEye, assesses with high confidence that Iranian cyber espionage presents a high-frequency, serious intensity threat particularly to organizations in the government, oil and gas, telecommunications, and financial services industries located in the United States, Saudi Arabia, and other Middle Eastern countries. Historically state-sponsored actors have conducted cyber espionage or intentionally destructive attacks as retaliation or revenge for geopolitical or military events.
FireEye has all known Iranian malware virus signatures and automatically pushed out to all licenses. FireEye will continuously automatically update all licenses as future malware viruses become known.
Potential Tactics & Recommended Mitigations
Tactic: Password Spraying – the attempt to harvest legitimate login credentials by trying common passwords against a large number of accounts.
Mitigation: Follow standard password and authentication best practices including;
- Thorough investigation of anomalous login attempts
- Multi-factor authentication for remote access
- Account audits to ensure all are appropriately terminated and have current authentication controls applied
Tactic: VPN Vulnerability Scanning
Mitigation: Ostra ensures our clients’ VPN solution is up to date and patched. We monitors user login and system event logs.
Tactic: DNS Hijacking – Domain name system, is the renaming of IP addresses into human sounding names like google.com. Hackers alter DNS server records in order to make a malicious site appear legitimate)
- Implement multi-factor authentication on domain registrar accounts
- Audit DNS records
- Monitor SSL certificate transparency logs and revoke any fraudulently issued certificates.
Tactic: Spearphishing – email fraud that is targeted to a particular person or company.
- Ensure all device Operating System and applications are up-to-date and fully patched
- Educate users to
- Validate links and attachments before opening,
- Validate the legitimacy of the sender,
- Request secondary validation of unexpected links or attachments
Tactic: Social Media – Iranian actors have used complex social engineering tactics on social media to influence opinion and to perpetrate attacks.
- Be extra cautious of files and links shared on social media sites.
- Validate the identity of unexpected contact through secondary means.