The announcement follows a rise in tensions between Iran and the U.S.
The cyber attacks, according to CISA Director Christopher C. Krebs, go beyond the typical data breach or account theft.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks,” Krebs said. “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
Krebs said these attacks begin with email spearphishing, password spraying, and credential stuffing.
Spearphishing uses emails crafted to entice a victim to click on a link or open an attachment to download malware.
Password spraying is a type of brute force attack that gathers (or guesses) usernames at a targeted organization. Attackers then attempt to get in to a system by paring the usernames with a series of passwords, including common weak passwords. Attackers may also have a user’s password from another account and try it to see if the user repeated the password on a work account.
Credential stuffing is where hackers use automation tools to take compromised logins from other data breaches and use those usernames and passwords to acccess new systems. These attacks take advantage of users repeating emails and passwords on their various online accounts.
Krebs encouraged businesses to step up use of multi-factor authentication to prevent these attacks. Krebs also recommended organizations treat seriously any suspicious or unusual system behavior.
Our latest White Paper on Layered Defense gives you more tips on ways to strengthen your network against these types of attacks.