Security News

Researchers at Intezer uncovered the campaign after detecting a malicious file in January, purporting to be an employee satisfaction survey for Westat employees and customers. "The technical analysis of the new malware variants reveals this Iranian government-backed group has invested substantial efforts into upgrading its toolset in an attempt to evade future detection."

A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations, cybersecurity firm Intezer reveals. Specifically, Intezer's security researchers discovered a phishing document masquerading as an employee satisfaction survey tailored to Westat employees.

The campaign exploited the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad airport, using emails purporting to come from the Ministry of Foreign Affairs of the Kingdom of Bahrain, Saudi Arabia, and the United Arab Emirates. The use of legitimate public services in malware attacks is a growing trend among attackers.

Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told the House Homeland Security Committee Wednesday. Rep. Bennie Thompson, D-Miss., the chairman of the Homeland Security Committee, noted during his opening remarks that this geopolitical tension could have "dire consequences" for U.S. homeland security and asked the experts testifying to help lawmakers better understand the potential cyberthreats from Iran and its proxies.

The US Department of Homeland Security has issued a total of three warnings in the last few days encouraging people to be on the alert for physical and cyber attacks from Iran. The warnings directly address IT professionals with advice on how to secure their networks against Iranian attack.

As a result, organizations - especially healthcare entities and units of government that have been particularly vulnerable to ransomware attacks - need to be on guard against destructive "wiper" attacks along the lines of those waged earlier by Iran, says Caleb Barlow, CEO of the security consultancy CynergisTek. Those attacks could be carried out not just by attackers affiliated with the nation-state, but also by rogue hackers who sympathize with the Iranian government, he says in an in-depth interview with Information Security Media Group.

Organizations should long ago have put in place multifactor authentication and a breach response plan and continued to actively shore up any defenses that are lagging. Here's the U.S. government once again warning organizations that support critical infrastructure to do the basics.

From past roles at the Department of Justice, Department of Homeland Security, Microsoft and as the CISO of Sony, Phil Reitinger has learned more than a thing or two about nation-states and cyber threats. In this exclusive audio interview, the head of the Global Cyber Alliance discusses how to respond to potential new threats from Iran.

Launching online attacks remains a potent tool in the Iranian government's geopolitical playbook. U.S. officials have warned U.S. businesses to expect an escalation in online attacks launched by Iranian-allied hackers.
