The United States government is bracing for potential cyberattacks from Iran, though no credible threat against critical infrastructure has been discovered, according to a U.S. Department of Homeland Security (DHS) warning issued Saturday, January 4, 2020.
Moreover, President Donald Trump says the United States is prepared to target 52 Iranian sites if Iran launches any type of attack against U.S. targets.
For MSSPs (managed security services providers), the warnings are a healthy reminder to double-check business continuity, threat detection, disaster recovery and distributed denial of service (DDoS) mitigation plans, both within MSSP operations and extending out to end-customer systems.
U.S. vs Iran: Cyberattack Warning Background
The DHS warning surfaced two days after the United States launched a lethal strike in Iraq that killed Iranian IRGC-Quds Force commander Qassem Soleimani, the warning states. The U.S. is also warning organizations that Iran’s cyber expertise should not be underestimated, stating:
“Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
U.S. vs Iran: More Cyberattack History
Iran has also targeted political figures and leaders. A hacking group tied to the Iranian government reportedly made unsuccessful attempts to break into President Trump’s 2020 re-election campaign infrastructure, MSSP Alert noted in 2019.
On the flip side, the U.S. from time to time has also launched cyberattacks against Iran, according to multiple reports.
Governments and international organizations are taking extra precautions amid rising tensions between the United States and Iran. For instance, NATO has suspended a training mission for soldiers in the Iraqi army in the wake of the U.S. strike that killed Iran’s Soleimani, AP reports.
U.S. vs Iran Cyberattacks: MSSP Defense Strategies
For MSSPs and end-customers, the DHS warning provides a timely reminder: Document all of the business services you leverage, the associated vendor relationships, and workarounds in case those services are disabled.
Among the key areas of concern, according to MSSP Alert:
- SaaS and Unified Communications: Many customers don’t understand where their SaaS applications and unified communications services actually reside. It’s not enough to know the SaaS and UCaaS (unified communications as a service) vendor names. You must also know the underlying IaaS (infrastructure as a service) and data center providers, along with their business continuity and data relocation plans if a primary data center goes dark.
- Electric Grids and Power: LookBack malware attacked United States utilities and critical infrastructure across 18 states in 2019. It’s a safe bet more attacks are coming, which means MSSPs and data center providers need to double-check primary and alternative power sources.
- MSPs as a Target: The Cloud Hopper cyberattacks that targeted major MSPs and cloud service providers (CSPs) worldwide were larger than previously disclosed, according to a Wall Street Journal investigation published last week.
MSPs Fighting Cyberattacks: Basic First Steps
To get ahead of cyber threats, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but also make room for major cybersecurity events, particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020; more details soon.)