The Patriot Files Forums  

06-24-2019, 01:48 PM
Boats
DHS cyber director warns of surge in Iranian “wiper” hack attacks
By: Sean Gallagher - Ars Technica - 6-24-19
RE: https://arstechnica.com/information-...-hack-attacks/

"Wiper" attacks targeting US companies' data are on the rise, CISA Director Krebs says.

With tensions between the US and Iran on the rise following the downing of a US military drone last week, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

In a statement issued on Saturday, June 22, CISA Director Christopher C. Krebs said:

CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. Iranian regime actors and proxies are increasingly using destructive "wiper" attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

Krebs urged businesses and agencies to take steps to improve their security hygiene, including implementing multi-factor authentication for user credentials to prevent brute-force attempts to connect to exposed network and cloud applications.

A brief history of Iranian(?) Wipers

There have been allegations of Iranian-backed wiper attacks in the past—the most infamous of which is Shamoon, a family of malware that first emerged in an attack against Saudi Aramco in August of 2012.

Shamoon, which in its first outing took down approximately 30,000 workstations, was launched after a state-sponsored wiper attack against Iran in April of that year. It's believed to be connected to the same (US-Israeli) state-sponsored development team that built the Stuxnet malware that attacked Iranian nuclear labs. Tied to the suspected Iranian "threat group" APT33, Shamoon was refreshed for another attack against multiple Saudi targets in December 2016.

Other wiper attacks from Iran have been somewhat less sophisticated. In January of 2014 after Las Vegas Sands Corp. majority owner Sheldon Adelson called for a nuclear attack on Iran, Iranian hacktivists used a Visual Basic-based malware attack to wipe the drives of Sands' computers.

Most other recent Iran-attributed attacks have focused on data theft—including attacks focused on aviation and energy companies. In 2015, a group tied to the Iranian Revolutionary Guard Corps used spear-phishing attacks to compromise computers at the US State Department, stealing data that may have led to the arrest of multiple Iranians holding dual US citizenship. Other attacks attributed to Iran have focused on taking down Web servers at financial institutions.

Cyber-escalation

While President Donald Trump called off a planned military strike last Friday in response to the downing of the drone, the Department of Defense has reportedly gone ahead with cyber attacks against an Iranian intelligence group connected to attacks against oil tankers in the Persian Gulf. Another cyber attack reportedly targeted Iranian missile fire control systems.

It's not clear the form these attacks took. And in a post to Twitter today, Iran's Minister for Information Mohammad Javad Azari Jahromi claimed that the cyber attacks were unsuccessful, Reuters reports.

About this writer: Sean is Ars Technica's IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"
All times are GMT -7.