
Iranian cyberattacks and BlueKeep: What you need to know

 


Jul 16, 2019

Hackers have escalated cyberattacks as hostilities have spiked between Washington and Iran, further weaponizing the internet and putting companies on alert.

Iran has been a persistent and “nettlesome” digital foe, with hackers targeting everyone from banks and hospitals to universities and government agencies.

In addition, Microsoft recently confirmed a vulnerability in its remote desktop protocol that could put your systems at risk.

Here’s what you need to know to protect yourself.

Microsoft’s BlueKeep flaw

What is it? It’s a flaw in Microsoft’s remote desktop protocol that would allow hackers to take full control of a target system.

What is the risk? Hackers could take control of your computer systems and add accounts with full user rights; view, change or delete data; or install malicious programs.

Who’s at risk? People who are on older versions of Windows, including Windows 7, Windows Server 2008 R2, Windows Server 200, Windows 2003 and Windows XP.

Who isn’t at risk? Windows 8, Windows 10 and Windows 2012 or later customers.

How to protect yourself: Upgrade to the most recent version of Windows or download security patches from Microsoft.  

Need more information? Read full details in the U.S. Department of Homeland Security’s alert.

Iranian ‘wiper’ threats

What is it? Iranian regime actors and proxies are launching more wiper attacks with deceptive spear-phishing emails designed to get you to download malicious software. The attacks also involve credential stuffing and password spraying attacks, which leverage previously stolen or cracked passwords. These stolen passwords are commonly available to hackers on password dump websites.

In a credential-stuffing attack, a hacker attempts to take over an account by logging into websites (e.g., social media, banking or email) with those spilled passwords. Password spraying is a similar type of account takeover attack, but here the hacker tries to guess the password using common passwords.
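As an added example (not part of the original article), the Python below shows how login monitoring can separate these two attacks from an ordinary mistyped password. The log fields, the thresholds and the rule that stuffing mostly hits usernames unknown to your system are assumptions chosen for illustration, and the log entries are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed log: (time, source IP, username, login_ok, account_exists)."""
    t0 = datetime(2019, 7, 16, 9, 0, 0)
    events = []
    for i in range(12):
        # One guess against each of 12 real accounts: spraying pattern.
        events.append((t0 + timedelta(seconds=20 * i), "198.51.100.7",
                       f"user{i:02d}", False, True))
        # Leaked pairs from another site; only every 4th account exists here.
        events.append((t0 + timedelta(seconds=5 * i), "203.0.113.9",
                       f"leak{i:02d}@example.com", False, i % 4 == 0))
    # An employee mistypes a password twice, then logs in.
    for secs, ok in ((0, False), (8, False), (20, True)):
        events.append((t0 + timedelta(seconds=secs), "192.0.2.44", "user03", ok, True))
    return events

def classify_sources(events, window=timedelta(minutes=10), min_accounts=10,
                     max_tries=2, unknown_ratio=0.5):
    """Label each source IP by its failed logins in the most recent window.

    Thresholds are illustrative assumptions, not values from the article.
    """
    now = max(ts for ts, *_ in events)
    failures = defaultdict(list)
    for ts, ip, user, ok, exists in events:
        if not ok and now - ts <= window:
            failures[ip].append((user, exists))
    verdicts = {}
    for ip, fails in failures.items():
        tries = Counter(user for user, _ in fails)
        # Both attacks touch many accounts with very few tries each, which is
        # why a per-account lockout counter never trips.
        if len(tries) < min_accounts or max(tries.values()) > max_tries:
            verdicts[ip] = "normal"
            continue
        unknown = {user for user, exists in fails if not exists}
        # Assumed heuristic: stuffing replays credentials dumped elsewhere,
        # so most usernames are unknown here; spraying targets real accounts.
        if len(unknown) / len(tries) >= unknown_ratio:
            verdicts[ip] = "credential-stuffing"
        else:
            verdicts[ip] = "password-spraying"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(sample_events()).items()):
        print(ip, verdict)
```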

What is the risk? Wiper attacks involve more than stealing money and data. They potentially could cause you to lose your entire network.

Who’s at risk? The cyberattacks are aimed at both the government and private sector. Employees are often targeted in an effort to gain access to systems at high-value companies, like gas or energy companies, or any companies that can disrupt American interests or commerce. For example, in 2012, Iranian hackers targeted two national oil companies in Saudi Arabia and, in 2018, an Italian gas and oil company. 

How to protect yourself: The best defense against spear-phishing is to never open emails from anyone you don’t know. And if anyone — even someone you know — sends you something to download, verify their identity and the authenticity of the email first. Multifactor authentication is one of the best possible defenses against credential stuffing and password spraying. In addition, create difficult and unique passwords for every account — and never share them with anyone.

Need more information? Read full details of the U.S. Department of Homeland Security’s alert, which includes tips and best practices.

How Wipfli can help

Cybersecurity threats occur on a daily basis. And the threat isn’t just from Iran.

U.S. officials say our other three top cyber adversaries are Russia, China and North Korea.

In the past, companies often had a small team tasked with maintaining security. But as the threat grows, hackers get more sophisticated, and more employees work in digital spaces, companies need greater defenses.

To help protect yourself and your company, we recommend at a minimum:

  • Patch your systems within a month of the patch being released.
  • Require use of multifactor authentication when connecting to systems from the internet.
  • Train employees to spot well-crafted spear-phishing attacks.
  • Practice good password hygiene by making passwords complex, changing them regularly and not using the same password across multiple accounts.
  • Harden systems and firewalls to disallow unneeded ports and protocols.
  • Ensure system backups are isolated from the network.
  • Be ever vigilant and use real-time monitoring to immediately detect and respond to incidents.

The team of professionals at Wipfli can help ensure your security strategy and solutions are as fluid and agile as the evolving cyber landscape. For more, download our guide on staying vigilant or go to our cybersecurity webpage to learn more about our comprehensive portfolio of cybersecurity services.

Author(s)

Tom Wojcinski, CISA, CRISC
Director
