Lots of readers have asked if they need to be worried about cyber attacks from Iran as the military action between that country and the United States continues. While the answer is “yes,” there’s a lot more to the answer than that simple, single word can really cover.
The reality of the situation:
First and foremost, Iran and other nations routinely launch cyber attacks against nearly everyone else in the world. While there has been a definite uptick in the number of those attacks from Iran, they’re using techniques that they’ve been using since before hostilities began. That’s good news, because those tactics and techniques are known to the cybersecurity community. When you hear your IT department or local technical nerd talking about taking precautions, you should be listening.
Next, it’s important to point out that Iran has already had some success with attacking large US companies since the military action began. A “hacktivist” group (people who – on the surface, at least – launch cyber attacks for political and/or protest reasons) that is known to be directly affiliated with the Iranian government took down Stryker, a medical device manufacturer, for several days about a week ago. The attack wiped all data from every company-managed device in the entire organization, which not only directly impacted Stryker’s ability to generate revenue, but also left all their customers (just about every doctor, dentist, and hospital in the US and many EU countries) scared to use their devices because of the potential that their own organizations could get compromised. As it turned out, their customers weren’t at risk, but it was a real concern for the first 24-48 hours of the attack.
Finally, Iran is not the only country that launches cyber attacks against people and businesses in the US. China, Russia, and many others routinely attack orgs and the general public in the US. During periods of military action, other countries have a habit of ramping up their own cyber threat activity because they can use the combatants attacking each other as “cover” for their own shenanigans. So while the current situation may be focused on Iranian threat actors, it’s extremely important to realize that they’re not the only player on the world stage.
So what can you do?
Iranian threat actors tend to use two methods to compromise organizations and people: Social Engineering and Exploitation of Vulnerabilities. While this isn’t a list of everything they try, nearly all their attacks start by following one of those two paths. The Stryker attack appears to have started with Social Engineering, at least according to the best information we have at this time. This means there are indeed things you can do to protect yourself, your families, and the companies you work for.
1 – Always keep things updated. I can’t stress enough how important this is, as Iranian threat actors absolutely love to take advantage of outdated software that has security holes in it. Whenever Windows or macOS wants you to apply an update, do it that evening. Both can be set to install these Operating System (OS) updates overnight, so just let them do what they’d normally do and have them update your machine while you’re asleep. As for applications, there are a few ways to keep things up-to-date. On macOS, anything you got from the Mac App Store can be updated just by opening the store – it will show you which apps have updates you should be installing. Get into the habit of doing this once a week or so. Just go to the Apple menu, then App Store, then look for Updates in the left-hand sidebar. On both Windows and macOS, most applications will also routinely check for updates themselves and will alert you when a new version is available. For your company devices, do the same things as at home, but also allow reboots and restarts of applications when your company “pushes” out updates to your laptop or desktop. Don’t ignore those updates: finish what you’re doing, then allow the update to be applied.
2 – Arm yourself with basic user security techniques. You don’t need to become a cybersecurity expert in any way, just take basic precautions. Iranian threat actors like to use Social Engineering, so arming yourself with knowledge about how to avoid phishing emails, text messages, and phone calls will definitely help. I’ve got an article on this blog about what to look for: HERE
3 – Don’t Panic! Not only is that the tag-line from one of the best sci-fi book series ever (Hitchhiker’s Guide to the Galaxy), but it is sound advice when there are military actions that result in higher-than-normal cyber threat activities. Panic leads to rushing, which can lead to mistakes being made. Update your software and Operating System. Be on alert for phishing attacks. If you think something is going on, reach out to your company IT team for help (or to trusted technology folks you know for home systems). By quickly and calmly acting to deal with any problems, you can often stop a threat actor before they do significant damage. Panicking, being embarrassed that something happened, and rushing to fix something without the proper knowledge will both allow the threat actor to do more damage and likely cause more problems in and of themselves.
Summing up:
Military action against another country that is well-known for cyber threat activity is going to lead to more attacks, against more companies and people. This is a basic truth of living in our current world which cannot be changed – or at least not changed easily. You can, however, arm yourself with knowledge and techniques to keep yourself, your family, and the company you work for safe and secure. Stay calm, stay aware, and stay safe as we go through this time of cybersecurity threat – and continue doing those things after this time is over, as they are always a good idea.
