Tension with Iran has generally increased, and it has been reported that the U.S. has launched a cyber-attack against Iran. As a result, the risk of retaliatory Iranian-backed wiper malware attacks against U.S. businesses and government agencies has increased, according to the Department of Homeland Security (DHS).
DHS recently issued a warning to U.S. businesses to be on high alert for Iranian-backed wiper malware attacks, which are being launched in the traditional ways: phishing and spear phishing campaigns, social engineering, credential stuffing or password spraying. Wiper malware is particularly vicious because it doesn’t just steal money, data or trade secrets as traditional malware and ransomware do; once introduced into a company’s system, it completely wipes all of the data, which can’t be retrieved, even by paying a ransom. This would obviously be devastating to a business, critical infrastructure or government agency—potentially more devastating than the impact we have seen from ransomware attacks on businesses and municipalities.
To put it in perspective, in 2017, the NotPetya wiper malware resulted in global financial losses of between $4 billion and $8 billion. Further, Carbon Black recently reported that 45% of healthcare CISOs have experienced a wiper malware attack in the past 12 months. As a reminder, the SamSam malware, which crushed the healthcare industry several years ago, was launched by Iranian-backed attackers.
DHS urges businesses to be on high alert and to address any incidents. According to DHS, all of these attack methods can be blocked with basic cybersecurity measures, including:
- enforce the use of strong passwords/passphrases
- change all default passwords
- rate limit logins
- identify and prohibit forwarding rules
- apply the rule of least privilege when setting permissions
- implement multi-factor authentication
- close unused ports
- disable RDP
- patch promptly
- adopt a robust backup strategy, and
- provide security awareness training and education to employees.
These are all basic cybersecurity measures to implement. Nonetheless, DHS states that presently all U.S. industries, government agencies, and businesses should be alert to the risk of wiper malware attacks coming out of Iran.