WASHINGTON – In response to reports of an increase in cybersecurity threats, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.” Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network. In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident – take it seriously and act quickly.

What can I do to protect my data and networks?

  • Back up your computer
    Perform frequent backups of your system and other important files and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
  • Store your backups separately
    Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer.
  • Train your organization
    Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while
others may only subtly affect your computer’s normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can’t, you will need to take additional steps. Contact KAMIND IT to discuss specific Security options that are tailored to protect your Organization from continuous cyber security threats.