US warns everyone to use two-factor to counter rising Iranian ‘wiper’ malware threats

The US Department of Homeland Security has issued a warning about a recent uptick in cyberattacks from Iran aimed at destroying information rather than stealing it.

US government officials are reminding consumers and businesses to be more vigilant about cybersecurity as tensions between the US and Iran continue to rise. Their key advice to consumers and employees in US organizations is to enable two-factor authentication for online accounts, such as Google, Facebook and Twitter, whose brands have all been used by Iranian hackers to manipulate public opinion.

“In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident - take it seriously and act quickly.”

The Washington Post reported on Thursday that the US launched a cyberattack on Iranian systems used to control rockets and missiles.

The alleged Iranian military target makes the attack reminiscent of Stuxnet, the powerful malware that is thought to have been developed by hackers within the US National Security Agency. It was discovered in 2010 by a Russian researcher at Kaspersky. The Windows malware was aimed at air-gapped systems in an Iranian nuclear enrichment facility.

The new concerns about Iranian cybersecurity threats follow the Trump administration’s withdrawal from a 2015 nuclear deal, which is still supported by the EU, China, and Russia. Trump on Monday promised “major” new economic sanctions for Iran on top of existing financial pressure.

Christopher C. Krebs, Director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), issued a statement this week warning US organizations about increased cyberattacks from Iran, highlighting the threat of data-wiping malware. Past examples include widespread malware like WannaCry and NotPetya, and highly targeted data destroyers, such as Shamoon, which was aimed at Saudi Arabia's largest oil producer, Saudi Aramco, and Destover, which destroyed Sony Pictures Entertainment's data in 2014.

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” said Krebs in a statement.

“We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.”

Besides using malware to destroy data, Krebs warned that Iranian “regime actors and proxies” are also looking to steal data and money through targeted phishing and password attacks that exploit poor passwords for online accounts. Heavily sanctioned North Korea has also been accused of using cyberattacks to steal money.

“These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” warned Krebs. 

Krebs’ final words on protecting against these attacks are that users should use “basic defenses” such as two-factor authentication and actually recognize suspicious activity as a potentially serious threat worthy of reporting to DHS.
