Iranian cyber attackers are focusing on critical infrastructure entities

An advisory released by the CISA, FBI, NSA, and their international partners warns about the targeting of critical infrastructure entities by Iranian cyber actors through brute force tactics. This activity has been ongoing since October 2023 and has resulted in compromised user accounts in various sectors including government, information technology, energy, engineering, and healthcare. Avishai Avivi, CISO at SafeBreach, emphasizes the importance of being vigilant against such threats, especially in light of Cybersecurity Awareness Month. He highlights the concept of ‘MFA Exhaustion’ and urges individuals to verify any MFA requests to prevent unauthorized access to accounts.

Threat actors using lateral movement

While the focus is on Iranian cyber actors, it’s crucial to recognize that other nation-state actors also employ similar tactics. James Winebrenner, CEO at Elisity, mentions instances involving China and North Korea, demonstrating the need for robust security measures.

Defending against brute force attacks

The advisory advises organizations to strengthen their passwords and implement MFA to safeguard against such attacks. It also provides information on indicators of compromise and tactics used by Iranian cyber actors, aiding in the identification of threats. Ryan Patrick, VP of Adoption at HITRUST, emphasizes the importance of integrating threat intelligence into cybersecurity strategies to mitigate risks and protect critical infrastructure.