The Department of Homeland Security (DHS) is warning government agencies and US industries to stay aware of incoming Wiper Attacks from Iran.
DHS statement on wiper attacks
In a press release from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Director Christopher C. Krebs warned the public of “a recent rise in malicious cyber activity directed at the United States”, indicating potential cyber attacks against government agencies and businesses from Iranian regime actors. Krebs addresses the use of potential “wiper attacks” which are designed to completely eradicate an agency’s data and network systems, with the intent of ceasing network systems operations. These attacks are dangerous as there is little chance of recovering the data and restoring information.
These wiper threats are initiated with common cyber attacks such as password spraying, spear-phishing, and credential stuffing attacks. Once inside a network, the cyber regime can begin running data-wiping malware that destroys files and operational networks. The purpose of these attacks are to uncover which information is most important to processes of these agencies and terminate any data and it’s access. This isn’t the first malware that’s been designed to wipe out data and cut off networks, a similar variant Shamoon has been spotted in years past.
Proven Data locates suspicious IP addresses
In June 2019, members from our security analyst team recognized incoming cyber threats from IP addresses stemming from IR (Iran) IP addresses used in connection with incidents located here in the United States.
Reducing risk of wiper attacks
With a warning of approaching cyber attacks, U.S. government agencies and businesses must ensure they are doing more to protect their data and networks. CISA Director Krebs advocates U.S. agencies to be proactive with “basic defenses, like using multi-factor authentication”. Enabling two-factor authentication and improved password management can greatly reduce the risk of falling victim to these Wiper attacks. We strongly suggest a major overhaul of the data backup section of the government agency security framework and backup consistently!
The recent attack on an unmanned U.S. drone from an Iranian missile sparked pressure between Iranian militant forces and the United States military. As pressure builds for government leaders and officials to take action, Iran is developing a new pattern of cyber threats aimed at vulnerable US government agencies and industrial enterprise. We can all help by being alert and creating more awareness for our local and national community.
The CISA press release concludes with the appropriate information to report relevant information direction to the Department of Homeland Security (DHS): ⬇️
““Anyone who has relevant information or suspects a compromise should immediately contact us at [email protected].””