Targeting and response: According to Adrian Cheek, a senior cybercrime researcher at Canadian threat intelligence company Flare, the most at-risk sectors are critical infrastructure, including the defense and government supply chain, financial services, energy, and healthcare.

“Water, energy, and healthcare sectors are currently the most exposed. These sectors combine high targeting priority with weak baseline security, particularly in operational technology environments. Financial services face high targeting priorities but generally have stronger defenses,” said Cheek.

Iranian groups will first look for known weaknesses in operational technology and industrial control systems. “Every US multinational with Gulf region operations should brief regional personnel on heightened physical and cyber threats. Implement phishing-resistant MFA (FIDO2/WebAuthn) where possible. Remove unmanaged Remote Monitoring and Management (RMM) tools,” he said.

Organizations should also urgently monitor for wiper malware whilst ensuring endpoint systems are primed to detect Shamoon variants while patching the VPN and other edge devices, another favored Iranian target, Cheek said.

A big unknown is the effect AI might have on this type of conflict, suggested Dean Valentine, CEO of application security company ZeroPath. “The advent of frontier models with strong cybersecurity capabilities lowers the floor for participation in destructive cyberattacks. Before this year there were only a few countries that were heavily active in cyberspace. Now any country or criminal organization can get a team of 5 to 10 not-particularly-skilled engineers together and do major damage,” he said.

While Iran’s offensive cyber-capability had been greatly reduced by US and Israeli attacks, AI was quietly putting potent disruption into the hands of more geographically distributed groups, he warned.

“All of this means that in the near future poor countries like Iran are probably going to be much more capable of lashing out, by taking down large fractions of our internet infrastructure.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4140572/iranian-cyberattacks-fail-to-materialize-but-threat-remains-acute.html

