Earlier this week the Cybersecurity and Infrastructure Security Agency (CISA) released an alert intended to heighten awareness of the potential for cyberattacks by Iran. Historically, Iran has launched cyberattacks to retaliate against perceived harm, and as we all know, tensions are currently high.
The CISA alert includes the following high-level recommendations:
- Adopt a state of heightened awareness by minimizing coverage gaps in personnel availability, consuming relevant threat intelligence, and making sure emergency call trees are up to date.
- Increase organizational vigilance by monitoring key internal security capabilities and identifying anomalous behavior.
- Confirm reporting processes by ensuring personnel know how and when to report an incident. The wellbeing of an organization’s workforce and cyber infrastructure depends on awareness of threat activity.
- Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.
In addition, the CISA alert includes some specific technical recommendations. Nothing earth-shattering here; these are all core components of basic cyber hygiene:
- Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
- Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email or other mechanisms.
- Patch externally facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
- Log and limit usage of PowerShell. Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts, and enable logging of all PowerShell commands.
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network.
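The PowerShell recommendation above is the one most teams can act on the same day. As an added example, not part of the CISA alert or of Corsica's own tooling, the script below turns on script block logging, module logging and transcription on a single Windows host through the same registry values the corresponding Group Policy settings write, requires signed scripts, and then reads back the settings and the newest logged script blocks. The transcript directory is an assumed placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: harden and audit PowerShell logging on one host.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Assumed placeholder; in production point this at a write-only share the host cannot read back.
$transcriptDir = 'C:\PSTranscripts'

# Creates the policy key if missing and writes one value under it.
function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $path = Join-Path $base $SubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Script block logging: de-obfuscated code is written as Event ID 4104
#    to Microsoft-Windows-PowerShell/Operational.
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# 2. Module logging for every module: pipeline execution details as Event ID 4103.
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# 3. Transcription: full text of every session, including command output.
New-Item -Path $transcriptDir -ItemType Directory -Force | Out-Null
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value $transcriptDir -Type 'String'

# 4. Require Authenticode-signed scripts for the whole machine.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 5. Verify: policy values, effective execution policy per scope, and the
#    five most recent script blocks that were actually logged.
foreach ($k in 'ScriptBlockLogging', 'ModuleLogging', 'Transcription') {
    Get-ItemProperty -Path (Join-Path $base $k) | Select-Object PSChildName, Enable*, OutputDirectory
}
Get-ExecutionPolicy -List
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Script'; e = { $_.Properties[2].Value } }  # Properties[2] is ScriptBlockText
```

The logging is the part that gives you detection; AllSigned raises the bar for casual script execution but Microsoft documents execution policy as a safety feature rather than a security boundary, so treat the two settings as complementary. Forward the Operational log and the transcript share to your SIEM, otherwise step 5 is the only place anyone will ever look at them.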
To learn how Corsica Technologies’ managed security services can help your organization defend against cyberthreats, reach out to us at firstname.lastname@example.org or call (877) 659-2261.