The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and businesses. These hackers target vulnerabilities in virtual private networks (VPNs), which organizations use to allow remote network access. Once the hackers gain access through a VPN, they export data, sell access to the network, and have the ability to install ransomware. This is the latest example of criminals exploiting vulnerabilities associated with the current remote working environment.
Coming on the tail of myriad other attacks during the COVID-19 pandemic, the FBI and CISA report that this ring of Iranian hackers is targeting companies and agencies in the government, healthcare, financial, insurance, and media sectors. Alerts like this should come as no surprise to those in these industries, which cybercriminals have historically associated with potentially valuable information. INTERPOL, the U.K.'s National Cyber Security Centre (NCSC), and CISA previously issued warnings in April concerning an uptick in cybercriminal activity associated with the shift of work from offices to homes. Similarly, the NCSC and CISA's joint guidance warned of potential VPN vulnerabilities. The NCSC and CISA issued an updated joint advisory in May that further highlighted new vulnerabilities resulting from the global shift to remote working.
Last week's CISA/FBI notice did not identify victims of the Iranian attacks, but the alert confirms that some of the attacks were successful and describes how this threat actor operates. First, the bad actors conducted "mass-scanning" to identify "open ports" and other vulnerabilities in VPN infrastructure. After gaining access, the hackers obtained administrator-level credentials to the network and installed software to cover their tracks, allowing longer, undetected access. The hackers then exported data and, according to the recent alert, have also been observed selling access to the infiltrated network, allowing the purchaser to install ransomware.
CISA and the FBI recommend a series of specific remedial steps to mitigate the chances of falling victim to one of these attacks, including patching VPN software, auditing patch management programs, closely monitoring network traffic, and using multi-factor authentication for all network access, among other measures.
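The "mass-scanning" step described above is also the one that the recommended monitoring of network traffic can catch early. The following is an added example, not code from the CISA/FBI alert: it reads constructed firewall log lines for a VPN gateway and flags any source address that touches an unusually large number of distinct ports within a short window. The log format, addresses and thresholds are assumptions for illustration.

```python
# Added example, not from the alert: flag sources that probe many distinct ports on a
# VPN gateway within a short window (the "mass-scanning" step). Log format is constructed.
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=[\d.]+ dport=(?P<dport>\d+) action=\w+$")

def parse_line(line):
    """Parse one constructed firewall line; return None for malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])

def detect_mass_scanning(lines, min_ports=10, window_seconds=60):
    """Return {src: distinct_port_count} for sources hitting at least
    min_ports distinct destination ports within any window_seconds span."""
    events = defaultdict(list)  # src -> [(timestamp, dport)]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dport = parsed
            events[src].append((ts, dport))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits in window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {dport for _, dport in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

# Constructed sample: one source sweeping 12 ports in 12 seconds, one normal VPN user
# connecting to the same port twice, and one malformed line that is skipped.
SAMPLE_LOGS = [
    f"2020-09-15T10:00:{i:02d} src=203.0.113.5 dst=198.51.100.10 dport={4400 + i} action=deny"
    for i in range(12)
] + [
    "2020-09-15T10:00:05 src=198.51.100.77 dst=198.51.100.10 dport=443 action=allow",
    "2020-09-15T10:00:30 src=198.51.100.77 dst=198.51.100.10 dport=443 action=allow",
    "garbage line",
]
```

Tune min_ports and window_seconds to the gateway's normal traffic before alerting on the result, and treat a hit as a prompt to check patch status and authentication logs for the affected VPN host.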
These most recent attacks serve as yet another reminder that businesses need to ensure the implementation and ongoing enhancement of technical safeguards for digital assets, as well as appropriate policies and procedures directed at incident avoidance, response, and mitigation.