Tension with Iran has generally increased. It has been reported that the U.S. has launched a cyber-attack against Iran, and the risk of retaliatory Iranian-backed wiper malware attacks against U.S. businesses and governmental agencies has increased, according to the Department of Homeland Security (“DHS”).
DHS recently issued a warning to U.S. businesses to be on high alert for Iranian-backed wiper malware attacks, which are being launched through the traditional methods of phishing and spear phishing campaigns, social engineering, credential stuffing or password spraying. Wiper malware is particularly vicious because it doesn’t just steal money, data or trade secrets like traditional malware and ransomware. Once introduced into a company’s system, it completely wipes all of the data, and the data can’t be retrieved by paying a ransom. This would obviously be devastating to a business, critical infrastructure or governmental agency, and potentially more devastating than the impact we have seen from ransomware attacks on businesses and municipalities.
To put it in perspective, in 2017 the NotPetya wiper malware resulted in global financial losses of between $4 billion and $8 billion. Further, Carbon Black recently reported that 45% of healthcare CISOs have experienced a wiper malware attack in the past 12 months. As a reminder, the malware SamSam, which crushed the healthcare industry several years ago, was launched by Iranian-backed attackers.
DHS urges businesses to be on high alert and to address any incidents. According to DHS, all of these attack methods can be blocked with basic cybersecurity measures including:
- enforce the use of strong passwords/passphrases
- change all default passwords
- rate limit logins
- identify and prohibit forwarding rules
- apply the rule of least privilege when setting permissions
- implement multi-factor authentication
- close unused ports
- disable RDP
- patch promptly
- adopt a robust backup strategy, and
- provide security awareness training and education to employees.
These are all basic cybersecurity measures to implement. Nonetheless, DHS states that presently all U.S. industries, government agencies, and businesses should be alert to the risk of wiper malware attacks coming out of Iran.