As a Managed IT Services Provider, we consider it our responsibility to provide information on factors that could potentially impact organizations' technology and, as a result, their businesses.
Due to recent international events, the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security has issued an alert (AA20-006A) about potential cyber-threats.
While we do not feel there is a need to be alarmed at this time, there is reason to believe that there could be retaliatory cyber-attacks against the US Government, private businesses, critical infrastructure, academia, and so on.
Given the nature of cyber-security attacks, the actors behind them could be directly or indirectly related to a foreign government. Ransomware and social engineering are within the profile of potential attacks, and as you are probably aware, these types of attacks can happen to a business of any size in any industry.
CISA recommends organizations take the following actions:
- Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
- Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
- Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system.
- Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.
To be clear, this kind of alert should be seen as a reminder that we always must remain vigilant and make cyber-security planning and responsiveness a priority. The rules haven’t changed in the past few days.