DDoS attacks are the biggest threat

Perhaps Iran’s most prominent cyber tool is distributed denial of service (DDoS), usually in conjunction with so-called hacktivist groups. Hours after the US strikes against Iran’s nuclear sites, the Center for Internet Security (CIS) and other watchdogs confirmed that an Iranian-aligned hacktivist group called “313 Team” claimed responsibility for a DDoS attack on Trump’s Truth Social platform, which temporarily went dark.

“There are 20 or 30 new Iranian groups that have emerged over the last week or so,” says Alexis Rapin, strategic threat intelligence analyst at ESET. “It’s hard to keep track. Many of these groups have been shut down by Telegram in recent days. So, they basically form new ones, new channels, new coalitions of groups.”

Following the DHS warning of cyber threats tied to US involvement in the Iran conflict, Radware observed an 800% surge in claimed DDoS attacks against US sectors.

“It’s an easy attack to pull off,” Pascal Geenens, director of threat intelligence for Radware, tells CSO. “You just need infrastructure, and you just point it in the right way and you go at it and you almost always have some kind of result, whether it’s a big result or just a few seconds of downtime, enough to claim a report and to say, ‘Look, we had some impact.’”

“A lot of the outward communication we see coming from Iran is primarily from fake hacktivist personas, hacker groups, all on Telegram,” SentinelOne’s Hegel says. “We’re tracking dozens since the initial conflict kicked off last. They’re all doing the same thing, going for easy targets; it’s very opportunistic. DDoSing is almost child’s play nowadays.”
How CISOs could prepare for Iranian attacks

Even if the immediate threat of Iranian cyberattacks has subsided, CISOs should still consider strategies to help defend against them, given the volatile nature of military conflicts in the Middle East.

“Even if we don’t see widespread cyberattacks, it’s never a bad thing to be prepared for them,” Pete Nicoletti, global CISO of Americas for Check Point, tells CSO.

Chief among Nicoletti’s list of things to do is “go ahead and set up geo-blocking,” he says. “You can easily get IP addresses and load them into your firewalls. Knock those countries that you do not have business with. Just drop them. They will be VPN’ing into other IP addresses and hacking from those, but take the ankle biters off the list.”

Gaming out what an Iranian attack might look like can also help. “Review your incident response plan and go ahead and knock out a desktop exercise focused on a nation-state actor attack,” Nicoletti says. “Take historical data and say, ‘Okay, we’ve seen this, this, and this.’ Put it into your nation-state attack desktop exercise.”

Preparing for a reputational fallout from a potential Iran-related attack is also helpful, particularly if the threat actor starts bragging about it. “The most important thing for CISOs is to have a statement ready if that time comes,” Radware’s Geenens says. “You don’t want to start thinking about what to do whenever you become the target of a fake claim, and it goes into the media, because your company can become a headline at any time because of those claims.”

Most importantly, CISOs should make sure they have adequate DDoS protection. “Cyber warfare is so asymmetric; it doesn’t take much money and expertise, and you can literally buy it on the dark web,” Check Point’s Nicoletti says. “I can go to the dark web right now, and for $500, I can get a company that doesn’t have adequate DDoS protection. I can nuke them off the map for the next week for just $500.”

See also:
How to create an effective incident response plan
4 tabletop exercises every security team should run
How to create an effective crisis communication plan
How to conduct an effective post-incident review
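The geo-blocking step Nicoletti recommends above, as an added example that is not from the article or from Check Point: a POSIX shell script that turns a country prefix feed into an nftables ruleset which drops inbound traffic from those ranges, with a partner allowlist evaluated first so business traffic is never cut off. The feed format, the table and set names and every sample prefix are assumptions constructed for illustration; the script assumes a Linux host running nftables and only prints the ruleset for review.

```shell
#!/bin/sh
# Added example (not from the article): geo-block ruleset generator for nftables.
# Assumed: Linux + nftables; feed format, table/set names and sample prefixes are
# constructed. Geo-blocking only strips opportunistic noise (attackers relay via
# VPNs in other countries), so it complements DDoS protection, not replaces it.

write_sample_feed() {   # $1 = path; constructed stand-in for a GeoIP/RIR export
  cat > "$1" <<'EOF'
# constructed sample prefixes, one per line; feeds often carry junk lines
198.51.100.0/24
203.0.113.0/24
2001:db8:dead::/48
not-a-prefix
EOF
}

clean_feed() {          # keep only plausible IPv4/IPv6 prefixes from the feed
  grep -Ev '^[[:space:]]*(#|$)' "$1" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$|^[0-9a-fA-F:]+/[0-9]{1,3}$' || true
}

join_family() {         # $1 = feed, $2 = -v for IPv4 (no colon) or '' for IPv6
  clean_feed "$1" | grep $2 ':' | paste -sd, -
}

set_def() {             # $1 = set name, $2 = nft type, $3 = comma-joined prefixes
  printf '  set %s { type %s; flags interval; auto-merge\n' "$1" "$2"
  [ -n "$3" ] && printf '    elements = { %s }\n' "$3"   # omit when feed family is empty
  printf '  }\n'
}

build_ruleset() {       # $1 = feed, $2 = partner prefixes to never block (may be empty)
  printf 'table inet geoblock {\n'
  set_def blocked_v4  ipv4_addr "$(join_family "$1" -v)"
  set_def blocked_v6  ipv6_addr "$(join_family "$1" '')"
  set_def partners_v4 ipv4_addr "$2"
  cat <<'EOF'
  chain inbound {
    type filter hook input priority -10; policy accept;
    ip saddr @partners_v4 accept       # partners inside a blocked region come first
    ip saddr @blocked_v4 counter drop  # counters show how much noise the block removes
    ip6 saddr @blocked_v6 counter drop
  }
}
EOF
}

feed=$(mktemp); write_sample_feed "$feed"
build_ruleset "$feed" "192.0.2.10/32"   # review the output, then load it with: nft -f <file>
rm -f "$feed"
```

Replace the constructed feed with a real country export and re-run the generator whenever the feed updates; the partner set is where known customer or vendor ranges in blocked countries go.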
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4011379/iranian-cyber-threats-overhyped-but-cisos-cant-afford-to-let-down-their-guard.html