
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign


Oct 18, 2024 | Ravie Lakshmanan | Cyber Intelligence / Critical Infrastructure

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks.

“Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors,” the agencies said in a joint advisory.

The attacks have targeted healthcare, government, information technology, engineering, and energy sectors, per the Australian Federal Police (AFP), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment Canada (CSE), the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).


Another notable tactic outside of brute force and password spraying concerns the use of multi-factor authentication (MFA) prompt bombing to penetrate networks of interest.

“Push bombing is a tactic employed by threat actors that floods, or bombs, a user with MFA push notifications with the goal of manipulating the user into approving the request either unintentionally or out of annoyance,” Ray Carney, director of research at Tenable, said in a statement.

“This tactic is also referred to as MFA fatigue. Phishing-resistant MFA is the best mechanism to prevent push bombing, but if that’s not an option, number matching – requiring users to enter a time-specific code from a company-approved identity system – is an acceptable backup. Many identity systems have number matching as a secondary feature.”
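As an added defender-side example (not code from the advisory or from this article), the two patterns named above, password spraying and MFA push bombing, can be surfaced from sign-in and MFA push logs with windowed counting; the sample events, field layout and thresholds are constructed for illustration and would be tuned to a real identity system's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not from the advisory): (time, source_ip, account, result).
# One source tries a single guess against many accounts, which is the spraying pattern.
SAMPLE_LOGINS = [("2024-10-18T09:00:%02d" % (2 * i), "203.0.113.7", u, "fail")
                 for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])] + [
    ("2024-10-18T09:01:00", "198.51.100.2", "alice", "fail"),     # one user retrying
    ("2024-10-18T09:01:30", "198.51.100.2", "alice", "fail"),     # a forgotten password
    ("2024-10-18T09:02:00", "198.51.100.2", "alice", "success"),  # is not a spray
]

# Constructed MFA push events: (time, account). Six prompts to one user in
# under a minute is the push-bombing (MFA fatigue) pattern.
SAMPLE_PUSHES = [("2024-10-18T09:02:%02d" % (10 * i), "frank") for i in range(6)] + [
    ("2024-10-18T09:05:00", "alice")]


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources whose failures hit many distinct accounts in one window, few guesses each."""
    by_src = defaultdict(list)
    for t, src, user, result in events:
        if result == "fail":
            by_src[src].append((datetime.fromisoformat(t), user))
    hits = {}
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for t, user in fails[i:]:
                if t - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                hits[src] = sorted(per_user)
                break
    return hits


def detect_push_bombing(pushes, window=timedelta(minutes=5), threshold=5):
    """Flag accounts receiving at least `threshold` MFA push prompts within one window."""
    by_user = defaultdict(list)
    for t, user in pushes:
        by_user[user].append(datetime.fromisoformat(t))
    hits = {}
    for user, times in by_user.items():
        times.sort()
        peak = max(sum(1 for t in times[i:] if t - s <= window) for i, s in enumerate(times))
        if peak >= threshold:
            hits[user] = peak
    return hits
```

A source flagged by the first function, or an account flagged by the second, is a candidate for forced credential reset and review of newly registered MFA devices.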

The end goal of these attacks is likely to obtain credentials and information describing the victim’s network, which can then be sold to other cybercriminals to enable access, echoing an alert previously issued by the U.S. in August 2024.

Initial access is followed by extensive reconnaissance of the entity’s systems and network using living-off-the-land (LotL) tools, privilege escalation via CVE-2020-1472 (aka Zerologon), and lateral movement via RDP. The threat actor has also been observed registering their own devices with MFA to maintain persistence.

The attacks, in some instances, are characterized by using msedge.exe to establish outbound connections to Cobalt Strike command-and-control (C2) infrastructure.

“The actors performed discovery on the compromised networks to obtain additional credentials and identify other information that could be used to gain additional points of access,” the agencies said, adding they “sell this information on cybercriminal forums to actors who may use the information to conduct additional malicious activity.”

The alert comes weeks after government agencies from the Five Eyes countries published guidance on the common techniques that threat actors use to compromise Active Directory.


“Active Directory is the most widely used authentication and authorization solution in enterprise information technology (IT) networks globally,” the agencies said. “Malicious actors routinely target Active Directory as part of efforts to compromise enterprise IT networks by escalating privileges and targeting the highest confidential user objects.”

It also follows a shift in the threat landscape wherein nation-state hacking crews are increasingly collaborating with cybercriminals, outsourcing some parts of their operations to further their geopolitical and financial motives, Microsoft said.

“Nation-state threat actors are conducting operations for financial gain and enlisting the aid of cybercriminals and commodity malware to collect intelligence,” the tech giant noted in its Digital Defense Report for 2024.

“Nation-state threat actors conduct operations for financial gain, enlist cybercriminals to collect intelligence on the Ukrainian military, and make use of the same infostealers, command-and-control frameworks, and other tools favored by the cybercriminal community.”
